<!DOCTYPE html>
<html class='v2' dir='ltr' xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmlns:data='http://www.google.com/2005/gml/data' xmlns:expr='http://www.google.com/2005/gml/expr'>
<head>
<link href='https://www.blogger.com/static/v1/widgets/2975350028-css_bundle_v2.css' rel='stylesheet' type='text/css'/>
<meta content='width=1100' name='viewport'/>
<meta content='X3PX4lxDgtVDGNZv1C7JhtjCIQXvizn6IzKnrLs6UmM' name='google-site-verification'/>
<meta content='u1Umno2V51sOefvZSupzfrrGof2xXx6743-CzHdL-Q4' name='google-site-verification'/>
<meta content='text/html; charset=UTF-8' http-equiv='Content-Type'/>
<meta content='blogger' name='generator'/>
<link href='https://blog.talosintelligence.com/favicon.ico' rel='icon' type='image/x-icon'/>
<link href="https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html" rel='canonical' />
<link rel="alternate" type="application/atom+xml" title="Cisco Talos Intelligence Group - Comprehensive Threat Intelligence - Atom" href="https://blog.talosintelligence.com/feeds/posts/default" />
<link rel="alternate" type="application/rss+xml" title="Cisco Talos Intelligence Group - Comprehensive Threat Intelligence - RSS" href="https://blog.talosintelligence.com/feeds/posts/default?alt=rss" />
<link rel="service.post" type="application/atom+xml" title="Cisco Talos Intelligence Group - Comprehensive Threat Intelligence - Atom" href="https://www.blogger.com/feeds/1029833275466591797/posts/default" />

<link rel="alternate" type="application/atom+xml" title="Cisco Talos Intelligence Group - Comprehensive Threat Intelligence - Atom" href="https://blog.talosintelligence.com/feeds/815244403413243368/comments/default" />
<!--Can't find substitution for tag [blog.ieCssRetrofitLinks]-->
<link href='https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsnZVqaECj6vdsft3luT7kVveSWQaFxytsp-RFda-jgVhbrqFiIfwbdlPP_ismSW4vbzINmeOKtYHxG7m-C2lFpDLVaj0TnQG8i2enwFaZB6gWDBhSQ3MuuD7lmF-Cq-VcVbseIRU2_dh9iylBOBs5CHRdEuQlpYa2GdKi7j815O908c0JIQ-k-JUjew/s16000/image13.jpg' rel='image_src'/>
<meta content='http://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html' property='og:url'/>
<meta content='Manjusaka: A Chinese sibling of Sliver and Cobalt Strike' property='og:title'/>
<meta content='A blog from the world class Intelligence Group, Talos, Cisco&#39;s Intelligence Group' property='og:description'/>
<meta content='https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsnZVqaECj6vdsft3luT7kVveSWQaFxytsp-RFda-jgVhbrqFiIfwbdlPP_ismSW4vbzINmeOKtYHxG7m-C2lFpDLVaj0TnQG8i2enwFaZB6gWDBhSQ3MuuD7lmF-Cq-VcVbseIRU2_dh9iylBOBs5CHRdEuQlpYa2GdKi7j815O908c0JIQ-k-JUjew/w1200-h630-p-k-no-nu/image13.jpg' property='og:image'/>
<title>Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Manjusaka: A Chinese sibling of Sliver and Cobalt Strike</title>
<link href='https://fonts.googleapis.com/css?family=Roboto:100,300,400|Exo+2:500,400,300,100,700|Fira+Mono' rel='stylesheet'/>
<style id='page-skin-1' type='text/css'><!--
.CSS_LIGHTBOX {
z-index: 9999 !important;
}
html,body,div {
margin:0;
padding:0;
border:0;
}
html,body {width:100%;height:100%;position:relative;}
body {
display: table;
background-color: #26282A;
overflow-x: hidden;
color: #FFF;
font-family: 'Roboto', sans-serif;
font-weight: 300;
font-size: 11.5pt;
line-height: 1.5em !important;
text-align:left;
}
#header {
display: none;
}
a {
color: #ffffff;
}
a:hover {
color: #f19615 !important;
}
.widget {
line-height: 1.5em;
}
/* Float Controls */
.float-left  { float: left; }
.float-right { float: right; }
#page_wrapper {
min-height: 100%;
min-width:  100%;
background-color: #26282A;
position: relative;
top:    0;
bottom: 100%;
left:   0;
z-index: 300;
/*display: table-row; This was needed for sticky footer, but interferes with new mobile nav*/
}
.col_single {
max-width: 1200px;
width: 100%;
margin: 0 auto;
height: 100%;
float: none;
padding: 80px 15px 150px 15px;
}
.col_single .col-xs-12 { padding: 0 35px; }
.col-xs-12.wide { padding: 0 15px;}
#main-wrapper {
margin-left: 2%;
width: 98%;
display: inline;
word-wrap: break-word;
overflow: hidden;
}
@media (min-width: 950px) {
#main-wrapper {
width: 67%;
float: left;
}
}
label {
font-weight: 300;
text-align: left;
font-size: 10pt;
font-family: 'Roboto', sans-serif;
text-transform: none;
left: 0;
line-height: 1em !important;
display: block;
color: #bdb5b5;
padding-bottom: 4px;
}
/********* Navigation styles **********/
/* full navigation wrapper(s) */
#nav {
/*height: 100%;*/
margin: auto;
font-family: 'Roboto', sans-serif;
font-weight: 300;
font-size: 11pt;
background-color: #1f1f21;
}
#navigation {
width:  100%;
height: 100%;
position: fixed;
top:    0;
right:  0;
bottom: 0;
left:   0;
z-index: 0;
background-color: #005f8e;
text-align: left;
padding: 0;
}
/** This section after removing icons from desktop display **/
#top-nav-bar {
background-color: #161617;
color: #bfbfbf;
font-size: 11px;
font-weight: 400;
text-transform: uppercase;
text-align: right;
padding: 1px 12px;
/* only show on desktop sizes */
display: none;
}
.top-nav-links-wrapper li.site-link a {
padding-left: 20px !important;
background-size: 14px;
background-position: 0 4px;
font-weight: 400 !important;
color: #bfbfbf !important;
width: 100%;
height: 25px;
}
.top-nav-links-wrapper li.site-link a:hover {
color: #fff !important;
}
.account-link { background-image: url('icon_account_small.svg'); }
.account-link:hover { background-image: url('icon_account_small_white.svg'); }
li.site-link a {
background-repeat: no-repeat;
}
.navigation-links-wrapper .site-link a {
background-size: 100%;
background-position: center center;
min-width: 20px;
min-height: 20px;
margin-bottom: -4px;
}
.navigation-links-wrapper .site-link:first-of-type {
margin-left: 50px;
}
/* Navigation needs to be behind page wrapper for mobile but in front of it for desktop */
@media (min-width: 1000px) {
#nav {
height: 80px !important;
font-size: 9pt;
}
#navigation {
z-index: 500;
background-color: transparent;
text-align: center;
position:relative;
}
#top-nav-bar {
display: block;
}
}
#nav ul {
list-style: none;
margin:  0;
padding: 0;
display: block;
}
#nav ul.main-nav-list {
margin: 0 auto;
left: 0;
}
#nav li {
text-align: left;
}
.nav-item {
width: 300px;
border: 1px solid #005f8e;
}
#nav a {
color: #fff;
font-weight: 300;
display: block;
height: 100%;
width:  100%;
-webkit-transition: color 0.2s ease, background-color 0.5s ease;
-moz-transition:    color 0.2s ease, background-color 0.5s ease;
-o-transition:      color 0.2s ease, background-color 0.5s ease;
transition:         color 0.2s ease, background-color 0.5s ease;
}
#nav a:hover { color: #fff; background-color: #393d43; }
.nav-item a  { padding: 10px 15px; }
.nav-item:hover { border: 1px solid #393d43; }
@media (min-width: 1000px) {
.nav-item, .nav-item:hover { border: none; }
}
.primary_nav_link{
text-decoration:none
}
/* Overrides natural list display styles for horizontal nav on desktop */
/* Also splits navigation so there is a section on either side of logo */
@media (min-width: 1000px) {
#nav a {
padding: 0;
font-weight: 400;
}
#nav a.primary_nav_link {
/* increasing contrast */
color: #fff;
font-size: 1.1em;
padding-top: 19px;
padding-bottom: 19px;
font-weight: 300;
}
#nav a.primary_nav_link:hover span {
box-shadow: 0 2px 0 0 #0076be;
}
#nav a.primary_nav_link:hover{
color: #fff!important
}
#nav a:hover {
background-color: transparent;
}
#nav li {
display: inline-block;
text-align: center;
height: 100%;
margin: 0 8px;
}
#nav .sub-nav li { display:block;}
#nav span { display: block; line-height: 1.15em; }
}
@media (min-width: 1300px) {
#nav li { margin: 0 .5rem;}
#nav a.primary_nav_link {
font-size: 1.25em;
}
}
.break { display: none;}
/* Spacing between nav icons on large displays, also changes word breaks on longer link titles */
@media (min-width: 1000px) { .break { display: inline !important; } }
@media (min-width: 1170px) { .break { display: none !important; } }
/* end structural styles */
/****** LOGOS ******/
.navigation-logos-wrapper {
display: block;
float: left;
min-width: 300px;
padding-top: 8px;
text-align: left;
}
.navigation-links-wrapper {
display:block;
}
@media (min-width: 1000px) {
.navigation-links-wrapper {
display:inline-block;
margin-left: -75px;
}
}
@media (min-width: 1300px) {
.navigation-links-wrapper {
display:inline-block;
margin-left: -115px;
}
}
@media (min-width: 1600px) {
.navigation-links-wrapper {
/* centers links, accounts for logo wrapper on left of desktop nav */
margin-left: -357px;
padding-top:2px;
}
}
#cisco-logo-wrapper, #talos-logo-wrapper {
display: inline-block;
}
#cisco-logo-wrapper {
border-right: 1px solid #3f4143;
margin-left: 10px;
margin-right: 12px;
background-image: url('https://www.talosintelligence.com/assets/logo_cisco_white.svg');
background-repeat: no-repeat;
width: 82px;
height: 35px;
opacity: 0.6;
}
#talos-logo-wrapper svg {
height: 36px;
width: auto;
}
#talos-logo-wrapper svg path.st1 {
fill: #0077BE;
}
#nav-logo svg {
transition:         max-width 0.2s ease;
-webkit-transition: max-width 0.2s ease;
-moz-transition:    max-width 0.2s ease;
-o-transition:      max-width 0.2s ease;
}
#nav-logo svg path {
transition:         fill 0.2s ease;
-webkit-transition: fill 0.2s ease;
-moz-transition:    fill 0.2s ease;
-o-transition:      fill 0.2s ease;
}
@media (min-width: 1000px) {
#nav-logo {
background-color: transparent;
}
}
/* Mobile navigation has an additional icon for 'home' in the shelf menu since
/* the main logo stays in the center of the page away from other menu items */
#mobile-nav-topper {
display: inline-block;
width: 300px;
padding: 9px 10px 4px 10px;
background-color: #1278ba;
border-bottom: 1px solid #fff;
text-align: center;
}
#mobile-nav-topper a:hover {
background: transparent !important;
}
@media (min-width: 1000px) {
#mobile-nav-topper { display: none; }
}
/* end mobile logo styles */
/****** NAVIGATION LINK ICONS *******/
.nav-item svg {
padding-top: 3px;
margin-top: 7px;
}
@media (min-width: 1000px) {
.nav-item svg { padding: 0; margin: 0; }
}
#link_blog { margin-top: -1px; } /* Adjusts for pencil that sticks slightly above icon box */
/****** LINK TEXT ADJUSTMENTS ******/
#nav span {
padding-left: 15px;
vertical-align: 5px; /* offsets span sitting at bottom of <a> tag on mobile nav */
}
@media (min-width: 1000px){
#nav span {
padding-left: 0;
vertical-align: baseline;
}
.primary_nav_link svg {
display: none;
}
}
/* Mobile Shelf Styles */
.nav-trigger + label, #page_wrapper, #nav-logo, #footer, .sub-nav-trigger, .sub-nav {
transition:         left 0.2s;
-webkit-transition: left 0.2s;
-moz-transition:    left 0.2s;
-o-transition:      left 0.2s;
}
.nav-trigger:checked + label, .nav-trigger:checked ~ #page_wrapper, .nav-trigger:checked ~ #nav-logo, .nav-trigger:checked ~ #footer {
left: 300px;
}
.sub-nav-trigger:checked ~ .sub-nav {
left: 50px;
}
.sub-nav-trigger:checked ~ .subnav-overlay {
visibility: visible;
opacity: 1;
}
/* If someone expands mobile nav menu and then changes browser window to desktop nav (over 1000px) */
@media (min-width: 1000px) {
.nav-trigger:checked + label, .nav-trigger:checked ~ #page_wrapper, .nav-trigger:checked ~ #nav-logo, .nav-trigger:checked ~ #footer {
left: 0;
}
.sub-nav-trigger:checked ~ .sub-nav {
left: 0;
}
.desktop-hide { display: none !important; }
}
/* Mobile sub navigation styles */
.primary-link-wrapper {
width: 243px;
display: inline-block;
}
.subnav-overlay {
width:  100%;
height: 100%;
position: fixed;
top:    0;
right:  0;
bottom: 0;
left:   0;
background-color: #005f8e;
visibility: hidden;
opacity: 0;
transition: visibility 0s, opacity 0.25s linear;
}
.subnav-overlay svg {
opacity: 0.5;
margin: 10px 0 0 10px;
}
.sub-nav {
width:  100%;
height: 100%;
position: fixed;
top:    0;
right:  0;
bottom: 0;
left:   300px;
z-index: 1;
list-style: none;
background: #393d43;
}
.sub-nav li {
width: 100%;
height: auto;
}
.sub-nav li a {
display: block;
padding: 12px 20px;
color: white;
text-decoration: none;
}
.sub-nav a:hover {
background-color: #f19615;
}
.subnav-back-button {
cursor: pointer;
width: 100%;
padding: 20px;
background-color: #2d3035;
}
/* css chevron */
.subnav-back-button::before {
border-style: solid;
border-width: 3px 3px 0 0;
content: '';
display: inline-block;
height: 12px;
width:  12px;
position: relative;
vertical-align: top;
transform: rotate(-135deg);
margin-right: 30px;
}
.sub-nav h1 {
font-family: "Roboto", Helvetica, Arial, sans-serif;
text-transform: none;
font-weight: 300;
font-size: 16pt;
padding-top: 10px;
margin-top: 20px;
margin-bottom: 10px;
}
.sub-nav-trigger-label:hover svg g circle {
fill: #f19615;
}
.sub-nav-trigger-label:hover {
background-color: #393d43;
}
.sub-nav-trigger-label {
cursor: pointer;
padding: 0;
margin:  0;
text-align: center;
display: inline-block;
float: right;
width: 55px;
-webkit-transition: color 0.2s ease, background-color 0.5s ease;
-moz-transition:    color 0.2s ease, background-color 0.5s ease;
-o-transition:      color 0.2s ease, background-color 0.5s ease;
transition:         color 0.2s ease, background-color 0.5s ease;
}
@media (min-width: 1000px) {
.sub-nav-trigger-label, .sub-nav-trigger {
display: none;
}
.primary-link-wrapper {
width: auto;
display: block;
height: 100%;
}
}
/* Subnav (dropdown) styles for desktop and large mobile */
@media (min-width: 1000px) {
.sub-nav {
display:block !important;
height: 0;
top: 80px;
z-index: 5000;
padding: 0;
margin-left: -55px !important;
white-space: nowrap;
text-align: left !important;
left: auto;
right: auto;
bottom: auto;
}
#nav ul::before, #nav ul::after {
content: "";
display: table;
}
#nav ul::after {
clear: both;
}
.sub-nav li {
overflow: hidden;
text-align: left !important;
background-color: #393d43;
height: 0;
width: 230px;
-webkit-transition: height 200ms ease-in, background-color 0.3s ease;
-moz-transition:    height 200ms ease-in, background-color 0.3s ease;
-o-transition:      height 200ms ease-in, background-color 0.3s ease;
transition:         height 200ms ease-in, background-color 0.3s ease;
}
.sub-nav a {
display: inline-block;
margin-top: -4px;
padding: 10px !important;
}
.sub-nav li:hover {
background-color: #f19615;
}
.sub-nav li:hover a {
color: #212224 !important;
font-weight: 500 !important;
}
#nav ul > li:hover .sub-nav li {
height: 36px !important;
}
}
/* Mobile shelf trigger styles */
/* hides the checkboxes */
.nav-trigger, .sub-nav-trigger {
position: absolute;
clip: rect(0, 0, 0, 0);
display: block;
}
label[for="nav-trigger"] {
position: fixed;
padding: 15px 0 0 15px;
z-index: 9900;
height: 50px;
width:  100px;
cursor: pointer;
display: block;
}
.nav-item {
height: 55px;
}
@media (min-width: 1000px) {
.nav-trigger, label[for="nav-trigger"] { display: none; }
.nav-item { width: auto; border: none;}
}
.login-button {
border-radius: 2px;
background-color: #0076be;
color: #fff !important;
padding: 0 6px !important;
line-height: 1.75em;
-webkit-transition: background .5s;
transition: background .5s;
}
.login-button:hover {
background-color: #f19615 !important;
}
.login-button svg {
display: block;
float: left;
height: 15px;
width: 15px;
margin-top: -3px;
}
.login-button svg path {
fill: #9EA0A5;
-webkit-transition: fill 0.2s ease;
-moz-transition:    fill 0.2s ease;
-o-transition:      fill 0.2s ease;
transition:         fill 0.2s ease;
}
.login-button:hover svg path {
fill: #fff;
}
.display-name {
text-transform: none;
color: #fff;
}
.desktop-hide .login-button {
max-width: 280px;
padding: 12px 24px !important;
font-weight: 400 !important;
background-color: #fff;
color: #25272a !important;
text-align: center;
font-size: 1.1em !important;
}
.acct_links {
color: #fff;
font-weight: 300 !important;
font-family: 'Roboto', sans-serif;
margin: 0;
padding-top: 5px;
padding-left: 10px;
height: auto !important;
}
/*********** Footer Styles *********/
#footer {
clear: both;
min-height: 110px;
text-align: center;
color: #cfd0d4;
font-size: 10.5pt;
font-family: 'Roboto', sans-serif;
font-weight: 400;
width: 100%;
background-color: #212224;
display: block;
position: absolute;
}
.copyright{
font-size: .85em;
font-weight: 300;
padding-top: .75em;
color: #cfd0d4
}
a.copyright-underline{
box-shadow:0 1px 0 0 #ed6f09;
text-decoration:none!important;
}
#footer .footer_nav_wrapper {
margin: auto;
}
#footer ul {
margin: auto;
list-style: none;
}
#footer a {
font-family: 'Roboto', sans-serif!important;
color:#cfd0d4!important;
text-decoration:none;
}
ul.footer_nav {
text-align: center;
padding: 0 20px;
}
.footer_nav li a{
display: inline-block;
width: 195px!important;
line-height: 21px!important;
font-weight: 300;
}
@media  screen and (min-width: 992px) {
ul.footer_nav {
text-align: left;
}
}
.nopad {
margin: 0;
padding: 0;
}
ul.footer_nav li.list_col {
text-align: center;
}
ul.footer_nav li ul li {
padding: 1px 0;
}
/* styles for full width nav col with straight 1 col list of links - small mobile screens */
ul.footer_nav li ul.pad.second.last {
padding-bottom: 32px;
}
ul.footer_nav li ul.pad.first.top {
padding-top: 32px;
padding-left: 0;
}
ul.footer_nav ul {
padding-left: 0;
}
@media screen and (min-width: 450px) {
/* styles for full width nav col, 2 list cols */
ul.footer_nav li ul.pad {
padding: 32px 25px 32px 0;
}
ul.footer_nav li ul.pad.last {
padding-right: 0;
padding-left: 0;
}
ul.footer_nav li ul.pad.second {
padding-top: 0;
}
ul.footer_nav li ul.pad.first {
padding-bottom: 0;
}
ul.footer_nav li.list_col {
display: inline-block;
text-align: left;
}
}
@media screen and (min-width: 800px) {
/* styles for full width nav col, 4 list cols */
ul.footer_nav li ul.pad.first, ul.footer_nav li ul.pad.second {
padding: 32px 28px 32px 0;
}
li.nopad {
display:inline-block;
}
}
@media screen and (min-width: 1050px) {
/* styles for full width nav col, expanded 4 list cols - large screens */
ul.footer_nav li ul.pad {
padding: 32px 40px 32px 0;
}
}
#footer .footer_corporate img {
max-width: 85px;
margin-top: 20px;
}
.underline {
text-decoration: underline;
}
.footer_corporate {
padding-bottom: 15px;
border-top: 2px solid #3f4143;
line-height: 1.35em;
}
#footer h5 {
font-weight: 400;
font-size: 11pt;
text-align: center;
color: #9ea0a5;;
letter-spacing: .25pt;
}
.row {
clear: both;
}
@media  screen and (min-width: 992px) {
.connect_social ul {
text-align: right;
padding-right: 20px;
padding-bottom: 0;
}
.connect_social {
width: 25%;
display:inline-block;
}
.col-md-9 {
width:75%;
float: left;
}
#footer h5 {
padding-top: 35px;
text-align: right;
padding-right: 52px;
}
}
.connect_social ul {
text-align: center;
padding-right: 0;
padding-bottom: 7px;
padding-left: 0;
}
.connect_social ul li {
display: inline-block;
}
.connect_social ul li img {
width: 33px;
height: 33px;
margin: 5px 3px;
}
#footer .connect_social h5{
padding-right: 0;
text-align: center;
}
#footer a {
color: rgba255,255,255,.25)
cursor: pointer;
font-family: "Exo 2", sans-serif;
}
#footer a:hover {color: #f19615;}
.full-height {
height: 100%
}
#content-wrapper {
display: inline-block;
}
/*********** Sidebar Styles ************/
#sidebar-wrapper {
margin-right: 2%;
display: inline;
word-wrap: break-word;
overflow: hidden;
padding-top: 20px;
border-left: 2px solid #26282A;
}
@media (min-width: 950px) {
#sidebar-wrapper {
width: 25%;
float: right;
}
}
.sidebar h2 {
font-family: 'Exo 2', sans-serif;
font-weight: 700;
color: #3f7b9f;
text-transform: uppercase;
font-size: 11pt;
letter-spacing: 1.5pt;
}
.sidebar ul li {
font-size: 9pt;
}
.sidebar .widget {
border-bottom: 2px solid #5c656d;
margin: 0 0 1.5em;
padding: 0 0 1.5em;
}
a.post-count-link {
font-family: 'Exo 2', sans-serif;
color: #9EA0A5;
text-transform: uppercase;
letter-spacing: 1.5pt;
font-weight: 500;
}
a.post-count-link:hover {
color: #f19615;
}
.posts a {
color: #ffffff;
}
.posts a:hover {
color: #f19615;
}
.Label ul {
margin: 5px 0;
padding: 5px 10px;
list-style: none;
list-style-image: none;
max-height: 200px;
overflow: scroll;
border: 1px solid #5c656d;
}
.Label ul li {
background: none;
list-style: none;
list-style-image: none;
list-style-position: outside;
border-width: 0;
padding-left: 15px;
text-indent: -15px;
margin: .25em 0;
background-image: none;
}
.Label ul li a {
color: #ffffff;
font-family: Roboto, sans-serif;
text-transform: uppercase;
font-size: 12px;
}
.Label ul li a:hover {
color: #f19615;
}
/** zippy is the triangle expanders **/
.zippy {
color: #9EA0A5;
}
.subscribe-wrapper {
margin: 0.5em 0;
}
div.subscribe {
background-color: #5c656d;
font-size: 10pt;
font-weight: 100 !important;
color: #ffffff;
border-radius: 2px;
width: 100%;
line-height: 2em;
padding: 1px;
margin: 8px 0;
transition: background-color 0.5s ease;
}
div.subscribe:hover {
background-color: #9EA0A5;
}
div.subscribe div.top, div.subscribe div.bottom {
background-image: none !important;
width: 100%;
}
.feed-icon {
padding: 4px 10px 6px 5px;
width: 15px;
height: auto;
vertical-align: middle;
}
.subscribe-dropdown-arrow {
margin-top: 3px;
margin-left: 10px;
}
#category_list li{
list-style:none;
}
#category_list span{
margin-right: 9px;
padding-left: 18px;
white-space: nowrap;
display: inline-block;
}
#category_list button{
border: none;
border-right: 1px solid #5c656d;
background-color: #5c656d;
font-size: 10pt;
color: #ffffff;
width: auto;
text-align: left;
height: 18px;
font-size: .75em;
margin: 0px -22px;
display: inline-block;
outline: none;
text-transform: capitalize;
transition: background-color 0.5s ease;
}
#category_list a {
position: relative;
margin-left: 20px;
}
#category_list button.selected{
color: #26282A;
background: #ef6f09;
}
#category_list button.selected:hover{
background: #f19615;
}
#category_list button .feed-icon {
width: 15px;
padding: 5px 4px 5px 3px;
}
#category_list button:hover {
background-color: #9EA0A5;
}
#category_list .feed-icon {
padding: 6px 4px 7px 6px;
}
a.feed-reader-link {
color: #ffffff !important;;
}
.gsc-search-button {
background-color: #5c656d;
border-radius: 2px;
border: none;
color: #ffffff;
}
input.gsc-input {
width: 95% !important;
height: 20px;
}
form.gsc-search-box {
margin-top: 7px !important;
}
#Gadget1 h2 {
display: none;
}
#Gadget1 {
text-align: left;
}
A-content, .blog-content a {
color: #ffffff;
text-decoration: none;
}
.blog-title, .blog-title a {
font-family: 'Exo 2', sans-serif;
color: #9EA0A5;
text-transform: uppercase;
letter-spacing: 1.5pt;
font-weight: 500;
text-decoration: none;
padding-bottom: 4px;
}
.blog-title a:hover, .blog-content a:hover {
color: #f19615;
}
.blog-list-container .blog-icon {
display: none;
}
/*********** Blog Post Styles ***********/
.post-outer {
margin-bottom: 40px;
}
.date-header {
font-family: 'Exo 2', sans-serif;
font-weight: 700;
color: #9EA0A5;
text-transform: uppercase;
font-size: 9pt;
letter-spacing: 1.5pt;
padding-bottom: 5px;
}
.date-outer {padding: 0;}
.date-outer p a, .date-outer i a, .date-outer .jump-link a, .post-body > a {
color: #ffffff;
box-shadow: 0px 1px 0px 0px #F19615;
text-decoration: none;
}
.post-title, .post-title a {
font-family: 'Exo 2', sans-serif;
font-size: 19pt;
font-weight: 400;
color: #3f7b9f;
text-decoration: none;
padding-bottom: 20px;
box-shadow: none;
}
/* removing box shadows on links with images */
a < img { box-shadow: none !important;}
a[imageanchor] { box-shadow: none !important;}
h3 {
font-family: 'Exo 2', sans-serif;
font-weight: 500;
color: #3f7b9f;
font-size: 14pt;
padding-top: 20px;
line-height: 1.25em;
margin-bottom: 15px;
}
h5 {
font-family: 'Exo 2', sans-serif;
font-weight: 700;
color: #587282;
font-size: 9pt;
text-transform: uppercase;
letter-spacing: 1.5pt;
margin: 0;
padding-top: 10px;
}
pre {
font-family: 'Fira Mono', monospace;
font-size: 10pt !important;
line-height: 1.5em !important;
color: #f19615;
border: 2px solid #5c656d;
padding: 20px;
background-color: #26282a;
margin: 30px 0;
white-space: pre-wrap;       /* css-3 */
white-space: -moz-pre-wrap;  /* Mozilla, since 1999 */
white-space: -pre-wrap;      /* Opera 4-6 */
white-space: -o-pre-wrap;    /* Opera 7 */
word-wrap: break-word;
max-width: 700px;
}
.entry-content h2 {
font-family: 'Exo 2', sans-serif;
font-weight: 400;
color: #3f7b9f;
text-transform: uppercase;
font-size: 17pt;
}
h4 {
font-family: 'Exo 2', sans-serif;
font-weight: 500;
text-transform: uppercase;
color: #9EA0A5;
}
.entry-content, .post-body {
color: #FFFFFF;
font-family: 'Roboto', sans-serif;
font-weight: 300;
font-size: 11.5pt;
line-height: 1.5em !important;
}
.entry-content img {
max-width: 100%;
height: auto;
margin-top: 30px;
margin-bottom: 10px;
}
figcaption {
font-size: 10pt;
color: #ec6e08;
font-weight: 500;
margin-bottom: 30px;
text-align: left;
}
@media (min-width: 950px) {
max-width: 700px;
height: auto;
}
.post-body {
margin-top: 10px;
}
.post-body table {
}
p {
padding: .75em 0;
margin: 0;
}
.post-footer {
margin: 40px 0 15px 0;
}
.post-footer-line a, .comment-author a, .comment-timestamp a, .comment-footer a {
text-decoration: none;
box-shadow: none;
color: #f19615;
}
.post-footer-line, .comment-author, .comment-timestamp, .comment-footer {
color: #9EA0A5;
font-size: 9pt;
letter-spacing: 1.5pt;
font-family: 'Exo 2', sans-serif;
font-weight: 400;
text-transform: uppercase;
}
.post {
margin: .5em 0 1.5em;
border-bottom: 1px solid #5c656d;
padding-bottom: 1.5em;
}
#comments {
border-bottom: 1px solid #5c656d;
padding: 20px 0;
margin-bottom: 40px;
}
.comment {
border-bottom: 1px solid #5c656d;
}
#comments .blogger-comment-icon, .blogger-comment-icon {
padding: 0;
background: none;
}
.comment-author {
border-top: 1px solid #5c656d;
padding-top: 20px !important;
}
.comments .avatar-image-container {
display:none;
}
.comment-header .user, .comment-header .user a {
color: #f19615;
font-family: 'Exo 2', sans-serif;
font-weight: 500 !important;
text-transform: uppercase;
box-shadow: none;
}
.comment-header .datetime, .comment-header .datetime a {
color: #9EA0A5;
font-family: 'Exo 2', sans-serif;
font-weight: 300;
text-transform: uppercase;
box-shadow: none;
}
.comments .comment-replybox-thread {
margin-top: 40px;
}
h4 {
font-family: 'Exo 2', sans-serif;
font-weight: 500;
text-transform: uppercase;
color: #9EA0A5;
}
img.email {
width: 25px;
height: auto;
}
.blog-pager, .feed-links {
color: #9EA0A5;
font-size: 9pt;
letter-spacing: 1.5pt;
font-family: 'Exo 2', sans-serif;
font-weight: 400;
text-transform: uppercase;
}
.blog-pager a, .feed-links a {
box-shadow: none;
color: #f19615;
}
.social-media-share a {
box-border: none !important;
}
.social-media-share {
margin-top: 15px;
display: flex;
}
.social-media-share img {
width: 25px;
height: 25px;
margin-right: 15px;
}
.social-media-share span {
font-family: 'Exo 2', sans-serif;
font-weight: 500;
text-transform: uppercase;
color: #9EA0A5;
}
.social-media-share .linkedin img{
width: 30px;
height: unset;
position: relative;
top: -3px;
}
.social-call {
float: left;
padding-top: 4px;
margin-right: 15px;
}
iframe {
margin: 20px 0;
max-width: 100%;
}
/****** Search & Label Filter Results ****/
.status-msg-wrap {
width: 100%;
border-bottom: 1px solid #5c656d;
text-align: left;
padding-bottom: 10px;
margin-bottom: 20px;
}
.status-msg-body {
text-align: left;
font-family: 'Roboto', sans-serif;
font-weight: 300;
text-transform: none;
}
.status-msg-body a {
text-decoration: none;
color:  #3f7b9f;
font-weight: 500;
}
.status-msg-body b {
color:  #f19615;
}
.status-msg-bg {
background-color: transparent;
}
.status-msg-border {
border: none;
}
#uds-searchControl .gsc-results {
background-color: transparent !important;
border-bottom: 2px solid #5c656d !important;
border-top: 0 !important;
border-left: 0 !important;
border-right: 0 !important;
}
.gsc-result {
margin-bottom: 10px !important;
padding-bottom: 10px !important;
}
.gs-relativePublishedDate {
font-family: "Exo 2",sans-serif;
font-weight: 500;
font-size: 9pt;
color: #9EA0A5 !important;
text-transform: uppercase;
letter-spacing: 1.5pt;
}
#uds-searchControl .gs-result .gs-title, #uds-searchControl .gs-result .gs-title *, #uds-searchControl .gsc-results .gsc-trailing-more-results, #uds-searchControl .gsc-results .gsc-trailing-more-results * {
font-family: "Exo 2",sans-serif;
font-weight: 700;
text-transform: uppercase;
letter-spacing: 1.5pt;
color:  #6a8596 !important;
text-decoration: none !important;
}
#uds-searchControl .gs-result .gs-title b {
color: #F19615 !important;
}
.gs-visibleUrl a.gs-visibleUrl {
color: #ffffff !important;
text-decoration: none;
box-shadow: 0px 1px 0px 0px #F19615;
line-height: 2em !important;
}
.gsc-url-bottom .gs-visibleUrl {
color: #F19615 !important;
font-weight: 700;
line-height: 2em !important;
text-decoration: underline;
}
#uds-searchControl .gsc-cursor-current-page {
color: #ffffff;
}
.gs-snippet {
padding-top: 5px !important;
}
#uds-searchControl .gsc-tabHeader.gsc-tabhActive {
background-color: #9EA0A5;
text-transform: uppercase;
font-family: "Exo 2",sans-serif;
}
#uds-searchControl .gsc-tabHeader.gsc-tabhInactive {
background-color: #5c656d;
text-transform: uppercase;
font-family: "Exo 2",sans-serif;
}
#uds-searchControl .gsc-tabHeader.gsc-tabhActive, #uds-searchControl .gsc-tabHeader.gsc-tabhInactive {
border: none !important;
border-top-left-radius: 4px;
border-top-right-radius: 4px;
font-weight: 600;
color: #212224;
padding: 3px 10px;
margin: 0 2px 0 0;
}
.gsc-tabsArea {
margin-bottom: 0 !important;
}
.gsc-above-wrapper-area {
padding: 5px 0 1px 0 !important;
border-bottom: 2px solid #9EA0A5 !important;
}
#uds-searchControl .gsc-cursor-current-page {
color: #ffffff !important;
}
.gsc-results .gsc-cursor-box .gsc-cursor-page {
text-decoration: none !important;
color: #9EA0A5 !important;
}
#uds-searchClearResults {
height: 15px !important;
width: 15px !important;
border-width: 2px !important;
}
.gsc-result-info {
color: #ffffff !important;
}
.gsc-webResult .gsc-result {
border-bottom: 1px solid #5c656d !important;
}
.gs-per-result-labels {
text-transform: uppercase;
font-family: "Exo 2",sans-serif;
font-size: 9pt;
color: #9EA0A5 !important;
font-weight: 500;
}
.gs-webResult div.gs-per-result-labels a.gs-label {
text-transform: uppercase;
font-family: "Exo 2",sans-serif;
font-size: 9pt;
color: #3f7b9f !important;
font-weight: 700;
text-decoration: none !important;
}
#Navbar1 {display:none!important;}
## Fix for lightbox preview
.CSS_LIGHTBOX {
z-index: 9999 !important;
}
#### Edits for EU Cookie Notice
.cookie-choices-info {
background-color:#5c656d !important;
}
#cookieChoiceInfo {
z-index:99999 !important;
}
.cookie-choices-info .cookie-choices-text{
color:#fff !important;
}
.cookie-choices-info .cookie-choices-button{
background-color: #ef6f09 !important;
color:#fff !important;
}
/* Styles for the Threat Roundup Posts here */
.threat-roundup-content table {
font-weight: 300;
font-family: 'Roboto', sans-serif;
font-size: 10pt;
text-align: left;
border: none;
border-collapse: collapse !important;
width: 100%;
margin-bottom: 40px;
}
.threat-roundup-content table th {
text-transform: uppercase;
font-weight: 400;
background-color: #3e4145;
color: #b9b9b9;
}
.threat-roundup-content table th, .threat-roundup-content table td {
padding: 4px 8px;
vertical-align: top;
}
.threat-roundup-content table.threats-table td {
padding-top: 8px;
padding-bottom: 8px;
line-height: 1.35em;
}
.threat-roundup-content table > tbody > tr:nth-of-type(odd) {
background-color: #2e3135;
}
hr.thin {
border-color: grey;
border-style: solid;
margin: 15px 0;
}
.screenshot-section + hr.thin {
margin-bottom: 40px;
}
.threat-roundup-content h2 {
margin: 40px 0;
}
.threat-roundup-content code {
font-family: 'Fira Mono', monospace;
color: #f19615;
font-weight: 300;
font-size: 8.75pt;
}
.threat-roundup-content td code {
word-break: break-all;
}
.threat-name-col {
color: #f19615;
font-weight: 400;
}
.text-center {
text-align: center;
}
.code {
background-color: #26282a;
color: #f19615;
border: 2px solid #5c656d;
padding: 20px;
margin: 10px 0 40px 0;
}
.code code {
line-height: 1.65;
}
.threat-table-note {
font-size: 9pt;
margin-top: -36px;
margin-bottom: 36px;
}
.coverage-check img {
width: 20px;
height: auto;
margin: -3px 0 !important;
}
.coverage-na {
font-style: italic;
}
.threat-coverage-table {
margin: auto;
max-width: 400px;
}
table.threat-coverage-table td, table.threat-coverage-table th {
padding: 6px 20px;
}
.screenshot-section h4 {
color: #f19615;
font-weight: 400;
margin-bottom: 8px;
}
.screenshot-section img {
margin: 0 auto 40px auto;
}
.amp-section img {
max-width: 350px;
}
table.exploit-prev-table {
margin-top: 40px;
}
table.exploit-prev-table td {
font-size: 8.75pt;
line-height: 1.5em;
padding: 8px 8px 16px 8px;
}
table.exploit-prev-table td.detection-col {
font-size: 9.5pt;
padding: 4px 8px;
}
.detection-col .threat-name-col {
font-weight: 500;
}
.button-link {
box-shadow: none !important;
}
.blog-podcast-button {
border-radius: 2px;
color: #fff;
border: none;
background-color: #5c656d;
line-height: 2em;
padding: 4px 16px 4px 12px;
margin-bottom: 20px;
margin-top: 10px;
}
.blog-podcast-button img {
width: 20px;
height: 20px;
margin: 0;
float: left;
padding-right: 4px;
padding-top: 3px;
}

--></style>
<link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1029833275466591797&amp;zx=d9a55822-b3b5-497c-93d7-53d0021109e3' media='none' onload='if(media!=&#39;all&#39;)media=&#39;all&#39;' rel='stylesheet'/><noscript><link href='https://www.blogger.com/dyn-css/authorization.css?targetBlogID=1029833275466591797&amp;zx=d9a55822-b3b5-497c-93d7-53d0021109e3' rel='stylesheet'/></noscript>
<meta name='google-adsense-platform-account' content='ca-host-pub-1556223355139109'/>
<meta name='google-adsense-platform-domain' content='blogspot.com'/>

<script type="text/javascript" language="javascript">
  // Supply ads personalization default for EEA readers
  // See https://www.blogger.com/go/adspersonalization
  adsbygoogle = window.adsbygoogle || [];
  if (typeof adsbygoogle.requestNonPersonalizedAds === 'undefined') {
    adsbygoogle.requestNonPersonalizedAds = 1;
  }
</script>


</head>
<body>
<div class='no-items section' id='header'></div>
<!-- Begin Navigation -->
<nav id='nav'>
<!-- Top navigation section: Account links / sign in -->
<div id='top-nav-bar'>
<ul class='top-nav-links-wrapper'>
<li>
</li>
</ul>
</div>
<!-- Main Navigation -->
<div id='navigation'>
<div id='mobile-nav-topper'>
<a href='https://www.talosintelligence.com'>
<!-- TALOS MOBILE ICON 'O' -->
<svg height='55px' viewBox='0 0 55 55' width='55px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g>
<g class='mobile-nav-home'>
<path clip-rule='evenodd' d='M45.201,12.343c0.378,0.48,0.758,0.925,1.096,1.401    c2.975,4.207,4.543,8.876,4.494,14.044c-0.05,5.452-1.643,10.386-5.186,14.593c-3.484,4.133-7.929,6.73-13.182,7.895    c-6.313,1.398-12.216,0.275-17.695-3.131c-0.441-0.273-0.847-0.6-1.266-0.904c-0.11-0.078-0.208-0.174-0.337-0.287    c0.127-0.141,0.246-0.27,0.366-0.398c0.887-0.949,1.765-1.904,2.663-2.844c0.114-0.119,0.321-0.217,0.485-0.217    c3.658-0.006,7.318,0,10.975,0.008c3.458,0.006,6.913,0.02,10.369,0.02c0.957,0,1.871-0.193,2.62-0.844    c0.797-0.693,1.157-1.596,1.157-2.643c0.001-7.533,0.003-15.067-0.005-22.601c-0.002-0.309,0.088-0.524,0.3-0.743    C43.098,14.598,44.127,13.49,45.201,12.343' fill='#FFFFFF' fill-rule='evenodd'></path>
<path clip-rule='evenodd' d='M41.402,8.822c-0.99,1.027-1.994,2.021-2.935,3.072    c-0.312,0.35-0.616,0.416-1.036,0.415c-6.98-0.009-13.957-0.007-20.938-0.007c-2.039,0-3.561,1.514-3.561,3.557    c0,6.504,0.002,13.008,0.006,19.512c0.002,0.973,0.011,1.943,0.004,2.914c0,0.133-0.04,0.301-0.127,0.393    c-1.069,1.162-2.15,2.314-3.229,3.469c-0.021,0.023-0.052,0.039-0.109,0.08c-0.159-0.188-0.323-0.369-0.471-0.562    c-2.535-3.348-4.119-7.102-4.605-11.268c-0.61-5.229,0.194-10.229,2.835-14.839c2.669-4.664,6.655-7.805,11.618-9.75    c3.205-1.257,6.533-1.852,9.977-1.621c4.478,0.298,8.553,1.754,12.227,4.325c0.101,0.072,0.197,0.151,0.291,0.229    C41.364,8.755,41.374,8.778,41.402,8.822' fill='#FFFFFF' fill-rule='evenodd'></path>
<path clip-rule='evenodd' d='M39.799,12.47c0.873-0.911,1.749-1.829,2.676-2.797    c0.605,0.564,1.195,1.112,1.816,1.691c-0.941,0.985-1.817,1.903-2.703,2.83c-0.276-0.339-0.511-0.688-0.807-0.975    C40.492,12.941,40.145,12.728,39.799,12.47' fill='#FFFFFF' fill-rule='evenodd'></path>
<path clip-rule='evenodd' d='M10.35,43.279c0.969-1.016,1.885-1.977,2.76-2.893    c0.213,0.369,0.376,0.762,0.639,1.072c0.265,0.312,0.627,0.539,0.98,0.832c-0.853,0.891-1.713,1.791-2.624,2.746    C11.513,44.445,10.939,43.869,10.35,43.279' fill='#FFFFFF' fill-rule='evenodd'></path>
</g>
</g>
</svg>
<!-- END ICON -->
</a>
</div>
<!-- Cisco | Talos logos -->
<div class='navigation-logos-wrapper'>
<div id='cisco-logo-wrapper'></div>
<div id='talos-logo-wrapper'>
<a href='https://www.talosintelligence.com'>
<!-- TALOS LOGO -->
<!-- Generator: Adobe Illustrator 26.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg id='Layer_1' style='enable-background:new 0 0 3361.3 912.4;' version='1.1' viewBox='0 0 3361.3 912.4' x='0px' xml:space='preserve' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' y='0px'>
<style type='text/css'>
	.st0{display:none;}
	.ukraine_yellow{fill:#FCB83D;}
	.ukraine_blue{fill:#006DB6;}
</style>
<g class='st0' id='scaffold'>
</g>
<g>
<path class='ukraine_yellow' d='M1342.8,795.4c-0.1-20.7-0.2-41.3-0.2-62c-0.1-62.8-0.3-125.6-0.3-188.5c0-29.8-0.1-59.7-0.1-89.5h-97.5   c0,53.5-0.2,106.9-0.7,160.4c-0.1,10-1.4,20.4-4.1,30c-8.3,29.8-25.9,51.8-56.5,60.6c-10.4,3-21.6,4.3-32.5,4.4   c-63.5,0.4-127,0.2-190.5,0.2c-5.8,0-11.7,0.2-17.5,0.7c-39.7,3.1-70.5-18.3-80.8-56.7c-8.2-30.7-4-60.6,8-89.4   c15.4-36.8,40.5-64.3,78.6-78.4c17.8-6.6,36.3-7.1,55.1-7c72.3,0.3,144.6,0,217,0c1.8,0,3.5,0,5.1,0c0-8.3,0-16.6,0-24.9H836.4   c-26.4,28-46,61.3-60,98.4c-15.9,42-16.3,86-8.5,130.1c4.3,24.7,13,47.5,29.9,66.6c28.1,31.8,64.5,46.6,106,48.6   c29.4,1.4,59,1.2,88.4,1.1c61-0.1,121.9,0,182.9-1.2c34-0.7,65.4-10,90.5-35.2c21.3,18.3,46.2,29.1,73.2,36.8h4   C1342.8,798.5,1342.8,797,1342.8,795.4z'></path>
<path class='ukraine_yellow' d='M465.1,793.9c0-112.8,0-225.6,0-338.4H359.4c0,81.4,0,162.7,0,244.1c0,25.8,7,49,25.5,67.9   c15.5,15.9,34.9,24.8,56.2,29.6c6.9,1.6,14,2.4,21.5,3.6h2.5C465.1,797.7,465.1,795.8,465.1,793.9z'></path>
<path class='ukraine_yellow' d='M2896.8,494.3c76.3,0.9,152.6,0.3,229,0.3c3.5,0,7,0.1,10.5,0.3c24,1.3,39.4,17.8,39.6,42.1   c0.2,27.5,0.8,55,0.9,82.5c0.1,13,0.6,26.1-1.1,38.9c-3.4,25.2-25.5,43.4-50.8,43.5c-47.7,0.1-95.3,0.2-143,0.2   c-55.5,0-111,0.1-166.5-0.1c-7.5,0-13.9,1.6-20.3,5.3c-34.2,19.6-61.1,45.9-76.7,82.7c-1.4,3.4-2.4,6.9-3.7,10.9h427.6   c5.5-0.2,11-0.7,16.4-1.4c70-9.3,107.2-69.5,112.1-115.8c1.4-13.2,0.4-26.6,0.4-39.9c-0.1-39.5-0.2-79-0.4-118.5   c-0.1-17.5-2.6-34.7-10.5-50.4c-3.5-6.9-7.3-13.3-11.5-19.1h-444.5C2828.2,482.4,2860.4,493.8,2896.8,494.3z'></path>
<polygon class='ukraine_yellow' points='3251.7,800.6 3251.7,776.9 3260.5,776.9 3260.5,771.4 3235.9,771.4 3235.9,776.9 3244.5,776.9    3244.5,800.6  '></polygon>
<polygon class='ukraine_yellow' points='3279.4,791.9 3272.8,771.4 3263.5,771.4 3263.5,800.6 3270.6,800.6 3270.6,794 3269.9,779.9    3277,800.6 3281.8,800.6 3288.9,779.9 3288.2,794 3288.2,800.6 3295.3,800.6 3295.3,771.4 3285.9,771.4  '></polygon>
<path class='ukraine_yellow' d='M2403.3,792.4c77.5-17.2,143.1-55.5,194.5-116.5c52.3-62.1,75.8-134.9,76.5-215.3c0-1.7,0-3.4,0-5.1h-133.2   c0,57,0,114.1,0,171.1c0,15.4-5.3,28.8-17.1,39c-11,9.6-24.5,12.4-38.6,12.4c-51,0-102-0.2-153-0.3c-54-0.1-108-0.2-162-0.1   c-2.4,0-5.5,1.4-7.2,3.2c-13.2,13.9-26.2,28-39.3,42c-1.8,1.9-3.5,3.8-5.4,5.9c1.9,1.7,3.4,3.1,5,4.2c6.2,4.5,12.2,9.3,18.7,13.3   c53,33,108.8,51.5,167.2,54.4h33.7C2362.9,799.7,2383,796.9,2403.3,792.4z'></path>
<path class='ukraine_yellow' d='M2118.4,646.5c-12.9,13.5-26.4,27.7-40.7,42.7c8.7,8.7,17.2,17.2,25.9,25.9c13.5-14.1,26.1-27.4,38.7-40.5   c-5.2-4.3-10.5-7.7-14.4-12.3C2123.9,657.7,2121.5,651.9,2118.4,646.5z'></path>
<path class='ukraine_yellow' d='M1584.6,455.5h-106.8c0,81.9,0,163.7,0,245.6c0,6.8,0.4,13.7,1.3,20.4c5.9,46.5,42.1,78.6,88.5,78.6   c144.6,0,289.3,0,433.9,0c1.7,0,3.5,0,5.5,0c-0.9-15.3-4.1-29.2-9.2-42.6c-14-36.3-41.2-60.8-86.9-60.5   c-94.1,0.5-188.3,0-282.4-0.1c-22.3,0-34-8.9-39.7-30.3c-4.7-17.6-4.2-35.6-4.2-53.6C1584.6,560.5,1584.6,508,1584.6,455.5z'></path>
<path class='ukraine_yellow' d='M1989.8,499.1c7.2,61.5,30.6,116.9,68,166.3c2.2,2.9,4.6,5.5,6.9,8.3c0.9-0.6,1.3-0.8,1.6-1.2   c15.9-17,31.9-34,47.7-51.2c1.3-1.4,1.8-3.8,1.9-5.8c0.1-14.3,0-28.7,0-43c0-39,0-78-0.1-117H1987   C1987.2,469.9,1988.1,484.4,1989.8,499.1z'></path>
</g>
<g>
<path class='ukraine_blue' d='M2804.2,455.5h444.5c-23.8-33-58.9-48.6-100.8-49.9c-68.6-2.2-137.3-1-205.9-1.2c-13.7-0.1-27.3,0-41-0.3   c-11.6-0.3-21.4-4.7-28.1-14.6c-5.6-8.4-8.8-17.5-8.1-27.8c2.7-39.9,5.2-79.8,8.2-119.7c1.1-14.5,7.2-27,18.5-36.5   c12.5-10.4,27.4-13.2,43-13.2c87.2,0,174.3-0.3,261.5,0.3c13.8,0.1,24.9-3.9,35.3-12c0.9-0.7,1.9-1.4,2.8-2.1   c20.6-16.7,32.5-37.9,33.8-65.4c-2,0-3.3,0-4.6,0c-62-0.2-124-0.5-185.9-0.8c-42.7-0.2-85.3-0.5-128-0.5c-17.3,0-34.8-0.3-51.9,1.7   c-40.6,4.7-73.8,23-96.5,57.8c-10.8,16.6-19.1,34.5-20.3,54.6c-2.8,44.9-5,89.8-7.7,134.7c-1.8,30.8,5.1,59.4,23.1,84.6   C2798.6,448.9,2801.4,452.3,2804.2,455.5z'></path>
<path class='ukraine_blue' d='M1226,455.5c0-22.1,0-44,0-66c-2.6,0-4.7,0-6.8,0c-81,0-162,0.1-243,0c-33.4,0-64.3,8.6-92.3,26.6   c-17.9,11.5-33.6,24.7-47.5,39.4H1226z'></path>
<path class='ukraine_blue' d='M1584.6,455.5c0-81.1,0-162.2-0.1-243.4c0-24.5-7.6-46.3-25.1-63.9c-22.3-22.3-50.3-31.4-81.7-34.8   c0,3,0,5.2,0,7.3c0,111.6,0,223.1,0,334.7H1584.6z'></path>
<path class='ukraine_blue' d='M184.3,197.1c17.7,1.4,35.6,0.9,53.4,1c29,0.1,58,0,87,0c9,0,17.3,2.5,23.3,9.6c7.3,8.6,11.4,18.4,11.4,30.1   c-0.1,72.6-0.1,145.2-0.1,217.8h105.7c0-71.5,0-143,0-214.5c0-4,0.3-8,1.2-11.9c4.1-18.4,17.1-30.5,33.9-30.7   c25.3-0.2,50.6,0.4,76,0.4c21.5,0,43.1,1.1,64.4-0.8c44.5-3.9,75.5-27.3,91.8-69.2c2.2-5.7,3.5-11.7,5.4-18   c-216.3,0-431.7,0-647.9,0c0.4,2.7,0.6,5,1.1,7.3C100.4,162.1,137,193.5,184.3,197.1z'></path>
<path class='ukraine_blue' d='M2541,293.1c0.1,54.1,0.1,108.2,0.1,162.4h133.2c-0.3-74.2-23.4-141.4-66.3-202.1c-5-7-10.6-13.6-16.1-20.7   c-15.9,16.9-31,33.3-46.4,49.4C2542.4,285.4,2541,288.6,2541,293.1z'></path>
<path class='ukraine_blue' d='M2115.8,455.5c0-57,0-113.9,0-170.9c0-30.1,22.5-52.5,52.5-52.5c103,0,205.9,0,308.9,0.1   c6.2,0,10.7-1,15.3-6.1c13.9-15.5,28.7-30.2,43.3-45.3c-0.4-0.7-0.5-1-0.8-1.2c-1.4-1.2-2.8-2.3-4.3-3.4   c-54.2-37.9-114.3-59.4-180.4-63.8c-50.8-3.4-99.9,5.4-147.2,23.9c-73.2,28.7-132,75.1-171.4,143.9   c-31.5,55.1-45.3,113.9-44.7,175.3H2115.8z'></path>
<path class='ukraine_blue' d='M2526.7,245.7c4.4,4.2,7.8,9.4,11.9,14.4c13.1-13.7,26-27.2,39.9-41.8c-9.2-8.5-17.8-16.6-26.8-25   c-13.7,14.3-26.6,27.8-39.5,41.3C2517.2,238.4,2522.4,241.6,2526.7,245.7z'></path>
<path class='ukraine_blue' d='M894.7,191.4c2.1,1.1,4.7,1.5,7.1,1.6c14.2,0.1,28.3,0.1,42.5,0.1c60-0.2,120-0.2,179.9-0.6   c19.7-0.1,38.8,1.8,57.1,9.8c39.5,17.4,62,46.6,62.5,90.8c0.5,46.3,0.8,92.6,0.8,138.9c0,7.8,0,15.7,0,23.5h97.5   c0-50.8-0.1-101.6-0.3-152.4c-0.1-14.5-1-29-3-43.3c-4.6-34.3-17.3-65.2-42-90.3c-22.6-22.9-50.6-36.4-81.1-45.2   c-34.4-9.9-69.7-13.4-105.2-13.6c-34-0.2-68,0.8-101.9,0.9c-53.8,0.2-107.6,0-161.5,0c-1.9,0-3.9,0-5.8,0c-0.2,1.2-0.3,1.7-0.3,2.1   C846.2,148.4,863.4,174.9,894.7,191.4z'></path>
</g>
</svg>
<!-- END TALOS LOGO -->
</a>
</div>
</div>
<!-- Main Site Navigation Links -->
<div class='navigation-links-wrapper'>
<ul class='main-nav-list'>
<!-- Sofware -->
<li class='nav-item '>
<div class='primary-link-wrapper'>
<a class='primary_nav_link' href='https://www.talosintelligence.com/software'>
<!-- SOFTWARE ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='tools-icon'>
<path d='M24.7-0.062H1.3C0.583-0.062,0,0.521,0,1.241v17.393c0,0.721,0.583,1.304,1.3,1.304h23.4   c0.719,0,1.3-0.583,1.3-1.304V1.241C26,0.521,25.419-0.062,24.7-0.062z M23.604,13.027c-0.063,0.058-0.151,0.077-0.232,0.052   L20.2,12.104c-0.024-0.008-0.052,0.007-0.06,0.032l-0.806,2.62c-0.008,0.025,0.006,0.048,0.023,0.057l3.201,0.984   c0.08,0.024,0.142,0.091,0.161,0.172c0.02,0.082-0.006,0.169-0.067,0.227c-1.106,1.063-2.77,1.309-4.137,0.609   c-1.207-0.616-1.918-1.825-1.961-3.093L7.858,9.268C6.806,9.976,5.41,10.107,4.202,9.49C3.249,9.002,2.564,8.124,2.328,7.076   C2.309,6.994,2.335,6.907,2.398,6.85c0.062-0.058,0.149-0.078,0.231-0.053l3.172,0.975c0.025,0.008,0.052-0.006,0.06-0.032   l0.805-2.621C6.673,5.094,6.66,5.071,6.642,5.063L3.441,4.078C3.361,4.053,3.3,3.988,3.28,3.906   C3.26,3.824,3.286,3.737,3.347,3.679c1.108-1.063,2.77-1.308,4.138-0.609c1.207,0.618,1.918,1.826,1.961,3.093l8.697,4.445   c1.053-0.708,2.448-0.84,3.655-0.223c0.955,0.488,1.638,1.367,1.876,2.414C23.692,12.883,23.665,12.969,23.604,13.027z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
<span>Software</span>
</a>
</div>
</li>
<!-- Vulnerability Information -->
<li class='nav-item '>
<div class='primary-link-wrapper'>
<a class='primary_nav_link' href='https://www.talosintelligence.com/vulnerability_info'>
<!-- VULNERABILITY INFO ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='vuln-icon'>
<path d='M24.256,18.49L13.872,0.503C13.692,0.192,13.36,0,13,0c-0.359,0-0.692,0.192-0.872,0.503L1.744,18.49  c-0.18,0.312-0.18,0.695,0,1.006C1.924,19.809,2.257,20,2.616,20h20.769c0.359,0,0.691-0.191,0.871-0.504  C24.436,19.186,24.436,18.803,24.256,18.49 M14.268,18.215h-2.533v-1.85h2.533V18.215z M14.268,15.441h-2.533L10.89,6.515h4.222  L14.268,15.441z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
<span>Vulnerability<span class='break'><br/></span> Information</span>
</a>
</div>
<input class='sub-nav-trigger' id='vuln-sub-trigger' type='checkbox'/>
<label class='sub-nav-trigger-label' for='vuln-sub-trigger'>
<!-- SUBNAVIGATION ICON -->
<svg height='47.75px' viewBox='0 0 48.167 47.75' width='48.167px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<circle cx='24.083' cy='23.875' fill='none' opacity='0.4' r='22' stroke='#FFFFFF' stroke-miterlimit='10'></circle>
<g>
<circle cx='24.083' cy='16.068' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='23.875' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='31.682' fill='#FFFFFF' r='2.496'></circle>
</g>
</svg>
<!-- END ICON -->
</label>
<ul class='sub-nav'>
<li class='desktop-hide'>
<a href='https://www.talosintelligence.com/vulnerability_info'>
<h1>Vulnerability Information</h1>
</a>
</li>
<li class='desktop-hide'><label class='subnav-back-button' for='vuln-sub-trigger'>BACK</label></li>
<li><a href='https://www.talosintelligence.com/vulnerability_reports'>Vulnerability Reports</a></li>
<li><a href='https://www.talosintelligence.com/ms_advisories'>Microsoft Advisories</a></li>
</ul>
<div class='desktop-hide subnav-overlay'>
<!-- VULNERABILITY INFO ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='vuln-icon'>
<path d='M24.256,18.49L13.872,0.503C13.692,0.192,13.36,0,13,0c-0.359,0-0.692,0.192-0.872,0.503L1.744,18.49  c-0.18,0.312-0.18,0.695,0,1.006C1.924,19.809,2.257,20,2.616,20h20.769c0.359,0,0.691-0.191,0.871-0.504  C24.436,19.186,24.436,18.803,24.256,18.49 M14.268,18.215h-2.533v-1.85h2.533V18.215z M14.268,15.441h-2.533L10.89,6.515h4.222  L14.268,15.441z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
</div>
</li>
<!-- Reputation Center -->
<li class='nav-item '>
<div class='primary-link-wrapper'>
<a class='primary_nav_link' href='https://www.talosintelligence.com/reputation'>
<!-- REPUTATION CENTER ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='center-icon'>
<path d='M24.7,0H1.3C0.582,0,0,0.585,0,1.308v17.384C0,19.415,0.582,20,1.3,20h23.4c0.718,0,1.3-0.585,1.3-1.308   V1.308C26,0.585,25.418,0,24.7,0z M21.75,10.5h-1.9c-0.246,3.392-2.958,6.104-6.35,6.35v1.9h-1v-1.9   c-3.392-0.246-6.104-2.958-6.35-6.35h-1.9v-1h1.9c0.246-3.392,2.958-6.104,6.35-6.35v-1.9h1v1.9c3.392,0.246,6.104,2.958,6.35,6.35   h1.9V10.5z' fill='#9EA0A5'></path>
<path d='M18.85,9.5c-0.241-2.84-2.509-5.108-5.35-5.35v2.184h-1V4.15C9.66,4.392,7.392,6.66,7.15,9.5h2.184v1H7.15   c0.241,2.841,2.509,5.108,5.35,5.35v-2.184h1v2.184c2.841-0.241,5.108-2.509,5.35-5.35h-2.184v-1H18.85z M13,11.984   c-1.096,0-1.984-0.888-1.984-1.984c0-1.096,0.888-1.984,1.984-1.984c1.097,0,1.984,0.888,1.984,1.984   C14.984,11.097,14.097,11.984,13,11.984z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
<span>Reputation<span class='break'><br/></span> Center</span>
</a>
</div>
<input class='sub-nav-trigger' id='reputation-sub-trigger' type='checkbox'/>
<label class='sub-nav-trigger-label' for='reputation-sub-trigger'>
<!-- SUBNAVIGATION ICON -->
<svg height='47.75px' viewBox='0 0 48.167 47.75' width='48.167px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<circle cx='24.083' cy='23.875' fill='none' opacity='0.4' r='22' stroke='#FFFFFF' stroke-miterlimit='10'></circle>
<g>
<circle cx='24.083' cy='16.068' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='23.875' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='31.682' fill='#FFFFFF' r='2.496'></circle>
</g>
</svg>
<!-- END ICON -->
</label>
<ul class='sub-nav'>
<li class='desktop-hide'>
<a href='https://www.talosintelligence.com/reputation'>
<h1>Reputation Center</h1>
</a>
</li>
<li class='desktop-hide'><label class='subnav-back-button' for='reputation-sub-trigger'>BACK</label></li>
<li><a data-method='get' href='https://www.talosintelligence.com/reputation_center'>IP & Domain Reputation</a></li>
<li><a href='https://www.talosintelligence.com/talos_file_reputation'>Talos File Reputation</a></li>
<li><a href='https://www.talosintelligence.com/support'>Reputation Support</a></li>
<li><a href='https://www.talosintelligence.com/secure-endpoint-naming'>Secure Endpoint Naming Conventions</a></li>
<li><a href='https://www.talosintelligence.com/categories'>Intelligence Categories</a></li>
</ul>
<div class='desktop-hide subnav-overlay'>
<!-- REPUTATION CENTER ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='center-icon'>
<path d='M24.7,0H1.3C0.582,0,0,0.585,0,1.308v17.384C0,19.415,0.582,20,1.3,20h23.4c0.718,0,1.3-0.585,1.3-1.308   V1.308C26,0.585,25.418,0,24.7,0z M21.75,10.5h-1.9c-0.246,3.392-2.958,6.104-6.35,6.35v1.9h-1v-1.9   c-3.392-0.246-6.104-2.958-6.35-6.35h-1.9v-1h1.9c0.246-3.392,2.958-6.104,6.35-6.35v-1.9h1v1.9c3.392,0.246,6.104,2.958,6.35,6.35   h1.9V10.5z' fill='#9EA0A5'></path>
<path d='M18.85,9.5c-0.241-2.84-2.509-5.108-5.35-5.35v2.184h-1V4.15C9.66,4.392,7.392,6.66,7.15,9.5h2.184v1H7.15   c0.241,2.841,2.509,5.108,5.35,5.35v-2.184h1v2.184c2.841-0.241,5.108-2.509,5.35-5.35h-2.184v-1H18.85z M13,11.984   c-1.096,0-1.984-0.888-1.984-1.984c0-1.096,0.888-1.984,1.984-1.984c1.097,0,1.984,0.888,1.984,1.984   C14.984,11.097,14.097,11.984,13,11.984z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
</div>
</li>
<!-- Library -->
<li class='nav-item '>
<a class='primary_nav_link' href='https://www.talosintelligence.com/resources'>
<!-- LIBRARY ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='library-icon'>
<g>
<rect fill='#9EA0A5' height='0.882' width='5.438' x='7.389' y='9.446'></rect>
<rect fill='#9EA0A5' height='0.883' width='5.438' x='7.389' y='13.887'></rect>
<rect fill='#9EA0A5' height='0.882' width='5.438' x='7.389' y='7.226'></rect>
<rect fill='#9EA0A5' height='0.883' width='5.438' x='7.389' y='11.666'></rect>
<path d='M24.7,0H1.3C0.583,0,0,0.56,0,1.25v17.499C0,19.44,0.583,20,1.3,20h23.4c0.719,0,1.3-0.56,1.3-1.251V1.25    C26,0.56,25.419,0,24.7,0z M14.32,15.852c0,0.275-0.222,0.498-0.498,0.498H6.665c-0.274,0-0.497-0.223-0.497-0.498V6.144    c0-0.276,0.222-0.499,0.497-0.499h7.157c0.276,0,0.498,0.223,0.498,0.499V15.852z M19.832,13.564c0,0.273-0.222,0.496-0.497,0.496    h-3.768v-1.578h2.771V11.6h-2.771v-1.339h2.771V9.38h-2.771V8.041h2.771V7.159h-2.771V6.144c0-0.111-0.01-0.219-0.03-0.325h2.802    V4.938h-3.257c-0.318-0.332-0.764-0.54-1.26-0.54H11.68V3.856c0-0.275,0.222-0.499,0.498-0.499h7.158    c0.275,0,0.497,0.224,0.497,0.499V13.564z' fill='#9EA0A5'></path>
</g>
</g>
</svg>
<!-- END ICON -->
<span>Library</span>
</a>
</li>
<!-- Support -->
<li class='nav-item'>
<div class='primary-link-wrapper'>
<a class='primary_nav_link' href='https://www.talosintelligence.com/community'>
<!-- SUPPORT ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='community-icon'>
<g>
<path d='M24.7-0.062H1.3C0.582-0.062,0,0.521,0,1.241v17.393c0,0.72,0.582,1.304,1.3,1.304h23.4    c0.718,0,1.3-0.584,1.3-1.304V1.241C26,0.521,25.418-0.062,24.7-0.062z M18.911,12.189c0,1.98-5.911,5.461-5.911,5.461    s-5.911-3.208-5.911-5.461c0-2.251,0-8.189,0-8.189L13,2.361L18.911,4C18.911,4,18.911,10.21,18.911,12.189z' fill='#9EA0A5'></path>
<polygon fill='#9EA0A5' points='9.671,8.763 8.275,10.16 11.77,13.655 13.166,12.259 17.726,7.699 16.384,6.357 11.824,10.917       '></polygon>
</g>
</g>
</svg>
<!-- END ICON -->
<span>Support</span>
</a>
</div>
<input class='sub-nav-trigger' id='community-sub-trigger' type='checkbox'/>
<label class='sub-nav-trigger-label' for='community-sub-trigger'>
<!-- SUBNAVIGATION ICON -->
<svg height='47.75px' viewBox='0 0 48.167 47.75' width='48.167px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<circle cx='24.083' cy='23.875' fill='none' opacity='0.4' r='22' stroke='#FFFFFF' stroke-miterlimit='10'></circle>
<g>
<circle cx='24.083' cy='16.068' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='23.875' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='31.682' fill='#FFFFFF' r='2.496'></circle>
</g>
</svg>
<!-- END ICON -->
</label>
<ul class='sub-nav'>
<li class='desktop-hide'>
<a href='https://www.talosintelligence.com/community'>
<h1>Support Communities</h1>
</a>
</li>
<li class='desktop-hide'><label class='subnav-back-button' for='community-sub-trigger'>BACK</label></li>
<li>
<a href='https://www.talosintelligence.com/reputation_center/support#reputation_center_support_ticket'>Reputation Center Support</a>
</li>
<li><a href='https://snort.org/community' target='_blank'>Snort Community</a></li>
<li><a href='https://www.clamav.net/contact.html#ml' target='_blank'>ClamAV Community</a></li>
<li><a href='https://www.spamcop.net/' target='_blank'>SpamCop</a></li>
</ul>
<div class='desktop-hide subnav-overlay'>
<!-- SUPPORT ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='community-icon'>
<g>
<path d='M24.7-0.062H1.3C0.582-0.062,0,0.521,0,1.241v17.393c0,0.72,0.582,1.304,1.3,1.304h23.4    c0.718,0,1.3-0.584,1.3-1.304V1.241C26,0.521,25.418-0.062,24.7-0.062z M18.911,12.189c0,1.98-5.911,5.461-5.911,5.461    s-5.911-3.208-5.911-5.461c0-2.251,0-8.189,0-8.189L13,2.361L18.911,4C18.911,4,18.911,10.21,18.911,12.189z' fill='#9EA0A5'></path>
<polygon fill='#9EA0A5' points='9.671,8.763 8.275,10.16 11.77,13.655 13.166,12.259 17.726,7.699 16.384,6.357 11.824,10.917       '></polygon>
</g>
</g>
</svg>
<!-- END ICON -->
</div>
</li>
<!-- Incident Response -->
<li class='nav-item '>
<a class='primary_nav_link' href='https://www.talosintelligence.com/incident_response'>
<!-- INCIDENT RESPONSE ICON -->
<svg height='20px' id='Layer_1' version='1.1' viewBox='0 0 26 20' width='26px' xml:space='preserve' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink'>
<g class='nav-icon' id='nav-ir-icon'>
<path d='M24.7,0H1.3C0.6,0,0,0.6,0,1.2v17.5C0,19.4,0.6,20,1.3,20h23.4c0.7,0,1.3-0.6,1.3-1.3V1.2   C26,0.6,25.5,0,24.7,0z M7.9,8.9c0-2.9,2.3-5.2,5.1-5.2s5.1,2.3,5.1,5.2v3.5H7.9V8.9z M20.2,15.8c0,0.3-0.2,0.5-0.5,0.5H6.4   c-0.3,0-0.5-0.2-0.5-0.5v-2.1c0-0.3,0.2-0.5,0.5-0.5h13.2c0.3,0,0.5,0.2,0.5,0.5V15.8z' fill='#9EA0A5'></path>
<path d='M13,5.2L13,5.2c-1.8,0-3.6,1.4-3.6,3.3c0,0.1,0,0.2,0.1,0.3c0.1,0.1,0.2,0.1,0.3,0.1s0.2,0,0.3-0.1   c0.1-0.1,0.1-0.2,0.1-0.3c0-1.3,1.4-2.4,2.7-2.4c0.1,0,0.2,0,0.3-0.1c0.1-0.1,0.1-0.2,0.1-0.3s0-0.2-0.1-0.3   C13.3,5.3,13.2,5.2,13,5.2z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
<span>Incident Response</span>
</a>
</li>
<!-- Careers -->
<li class='nav-item '>
<a class='primary_nav_link' href='https://www.talosintelligence.com/careers'>
<!-- CAREERS ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='career-icon'>
<path d='M24.7,0H1.3C0.582,0,0,0.559,0,1.25v17.499C0,19.44,0.582,20,1.3,20h23.4c0.719,0,1.3-0.56,1.3-1.251V1.25   C26,0.559,25.419,0,24.7,0z M4.047,13.736c-0.21-1.287-0.46-3.002-0.41-3.657c0.052-0.687,0.645-1.194,1.76-1.51   c0.278-0.08,0.562-0.139,0.815-0.184l0.104-0.554C5.774,7.357,5.404,6.46,5.404,5.68c0-1.124,0.767-2.037,1.713-2.037   c0.946,0,1.713,0.913,1.713,2.037c0,0.781-0.371,1.677-0.914,2.152l0.104,0.554C8.275,8.431,8.558,8.49,8.837,8.57   c0.427,0.121,0.777,0.27,1.05,0.447c-0.811,0.26-1.462,0.597-1.938,1.004c-0.606,0.52-0.956,1.182-1.012,1.913   c-0.029,0.385-0.002,0.988,0.08,1.803H4.047z M17.618,17.5H8.383c-0.317-1.938-0.692-4.516-0.617-5.502   c0.079-1.031,0.97-1.796,2.648-2.272c0.418-0.118,0.845-0.209,1.227-0.276l0.156-0.833c-0.817-0.715-1.373-2.062-1.373-3.238   c0-1.691,1.153-3.063,2.576-3.063c1.424,0,2.577,1.372,2.577,3.063c0,1.176-0.556,2.524-1.374,3.238L14.36,9.45   c0.382,0.067,0.808,0.158,1.227,0.276c1.679,0.476,2.569,1.241,2.648,2.272C18.311,12.984,17.937,15.562,17.618,17.5z    M21.953,13.736h-2.969c0.082-0.814,0.109-1.418,0.081-1.803c-0.057-0.73-0.406-1.393-1.013-1.913   c-0.476-0.407-1.127-0.745-1.938-1.004c0.272-0.177,0.623-0.326,1.05-0.447c0.279-0.08,0.562-0.139,0.816-0.184l0.104-0.554   c-0.542-0.475-0.913-1.372-0.913-2.152c0-1.124,0.767-2.037,1.713-2.037s1.713,0.913,1.713,2.037c0,0.781-0.369,1.677-0.912,2.152   l0.104,0.554c0.254,0.045,0.537,0.104,0.815,0.184c1.116,0.316,1.708,0.823,1.761,1.51C22.413,10.734,22.164,12.449,21.953,13.736z   ' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
<span>Careers</span>
</a>
</li>
<!-- Blog -->
<li class='nav-item active'>
<div class='primary-link-wrapper'>
<a class='primary_nav_link' href='https://blog.talosintelligence.com/' id='link_blog'>
<!-- BLOG ICON -->
<svg height='22.25px' viewBox='0 0 26 22.25' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='blog-icon'>
<path d='M24.753,1.356h-2.501l-0.863-0.883C21.091,0.17,20.695,0.002,20.264,0c-0.415,0-0.808,0.16-1.104,0.45  l-0.926,0.906H1.249C0.562,1.356,0,1.917,0,2.604v15.384v0.082v0.568c0,0.717,0.582,1.299,1.3,1.299h15.602l5.297,2.211  l-0.686-2.211H24.7c0.718,0,1.3-0.582,1.3-1.299V18.07v-0.158V2.604C26,1.917,25.438,1.356,24.753,1.356z M6.031,14.773  l13.856-13.58c0.1-0.099,0.233-0.153,0.377-0.153c0.145,0.001,0.279,0.058,0.381,0.161l0.152,0.156l2.089,2.136  c0.102,0.104,0.154,0.24,0.152,0.383c-0.002,0.143-0.06,0.275-0.161,0.374L8.993,17.803l-4.14,1.086L6.031,14.773z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
<span>Blog</span>
</a>
</div>
<input class='sub-nav-trigger' id='blog-sub-trigger' type='checkbox'/>
<label class='sub-nav-trigger-label' for='blog-sub-trigger'>
<!-- SUBNAVIGATION ICON -->
<svg height='47.75px' viewBox='0 0 48.167 47.75' width='48.167px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<circle cx='24.083' cy='23.875' fill='none' opacity='0.4' r='22' stroke='#FFFFFF' stroke-miterlimit='10'></circle>
<g>
<circle cx='24.083' cy='16.068' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='23.875' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='31.682' fill='#FFFFFF' r='2.496'></circle>
</g>
</svg>
<!-- END ICON -->
</label>
<ul class='sub-nav'>
<li class='desktop-hide'>
<a href='https://blog.talosintelligence.com/'>
<h1>Blog</h1>
</a>
</li>
<li class='desktop-hide'><label class='subnav-back-button' for='blog-sub-trigger'>BACK</label></li>
<li><a href="https://blog.talosintelligence.com/">Talos Blog</a></li>
<li><a href='https://www.talosintelligence.com/newsletters'>Talos Threat Source Newsletter</a></li>
</ul>
<div class='desktop-hide subnav-overlay'>
<!-- BLOG ICON -->
<svg height='22.25px' viewBox='0 0 26 22.25' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='blog-icon'>
<path d='M24.753,1.356h-2.501l-0.863-0.883C21.091,0.17,20.695,0.002,20.264,0c-0.415,0-0.808,0.16-1.104,0.45  l-0.926,0.906H1.249C0.562,1.356,0,1.917,0,2.604v15.384v0.082v0.568c0,0.717,0.582,1.299,1.3,1.299h15.602l5.297,2.211  l-0.686-2.211H24.7c0.718,0,1.3-0.582,1.3-1.299V18.07v-0.158V2.604C26,1.917,25.438,1.356,24.753,1.356z M6.031,14.773  l13.856-13.58c0.1-0.099,0.233-0.153,0.377-0.153c0.145,0.001,0.279,0.058,0.381,0.161l0.152,0.156l2.089,2.136  c0.102,0.104,0.154,0.24,0.152,0.383c-0.002,0.143-0.06,0.275-0.161,0.374L8.993,17.803l-4.14,1.086L6.031,14.773z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
</div>
</li>
<!-- Podcasts -->
<li class='nav-item'>
<div class='primary-link-wrapper'>
<a class='primary_nav_link' href='https://talosintelligence.com/podcasts'>
<!-- PODCAST ICON -->
<svg height='20px' id='Layer_1' style='enable-background:new 0 0 26 20;' version='1.1' viewBox='0 0 26 20' width='26px' x='0px' xml:space='preserve' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' y='0px'>
<path class='nav-icon' d='M24.7-0.1H1.3C0.6-0.1,0,0.5,0,1.2v17.4c0,0.7,0.6,1.3,1.3,1.3h23.4c0.7,0,1.3-0.6,1.3-1.3V1.2  C26,0.5,25.4-0.1,24.7-0.1z M9.8,5c0-1.8,1.5-3.2,3.2-3.2c1.8,0,3.2,1.5,3.2,3.2v5.8c0,1.8-1.5,3.2-3.2,3.2c-1.8,0-3.2-1.5-3.2-3.2  V5z M18.5,10.7c0,2.8-2.1,5.2-4.9,5.4V17h2.9c0.3,0,0.6,0.3,0.6,0.6s-0.3,0.6-0.6,0.6h-7c-0.3,0-0.6-0.3-0.6-0.6S9.1,17,9.5,17h2.9  v-0.9c-2.8-0.3-4.9-2.7-4.9-5.4V9.1c0-0.3,0.3-0.6,0.6-0.6s0.6,0.3,0.6,0.6v1.5c0,2.4,1.9,4.3,4.3,4.3s4.3-1.9,4.3-4.3V9.1  c0-0.3,0.3-0.6,0.6-0.6s0.6,0.3,0.6,0.6V10.7z' fill='#9EA0A5'></path>
</svg>
<!-- END ICON -->
<span>Podcasts</span>
</a>
</div>
<input class='sub-nav-trigger' id='podcast-sub-trigger' type='checkbox'/>
<label class='sub-nav-trigger-label' for='podcast-sub-trigger'>
<!-- SUBNAVIGATION ICON -->
<svg height='47.75px' viewBox='0 0 48.167 47.75' width='48.167px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<circle cx='24.083' cy='23.875' fill='none' opacity='0.4' r='22' stroke='#FFFFFF' stroke-miterlimit='10'></circle>
<g>
<circle cx='24.083' cy='16.068' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='23.875' fill='#FFFFFF' r='2.496'></circle>
<circle cx='24.083' cy='31.682' fill='#FFFFFF' r='2.496'></circle>
</g>
</svg>
<!-- END ICON -->
</label>
<ul class='sub-nav'>
<li class='desktop-hide'>
<a href='https://talosintelligence.com/podcasts'>
<h1>Podcasts</h1>
</a>
</li>
<li><a href='https://talosintelligence.com/podcasts/shows/beers_with_talos'>Beers with Talos</a></li>
<li><a href='https://talosintelligence.com/podcasts/shows/talos_takes'>Talos Takes</a></li>
</ul>
<div class='desktop-hide subnav-overlay'>
<!-- PODCAST ICON -->
<svg height='20px' id='Layer_1' style='enable-background:new 0 0 26 20;' version='1.1' viewBox='0 0 26 20' width='26px' x='0px' xml:space='preserve' xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' y='0px'>
<path class='nav-icon' d='M24.7-0.1H1.3C0.6-0.1,0,0.5,0,1.2v17.4c0,0.7,0.6,1.3,1.3,1.3h23.4c0.7,0,1.3-0.6,1.3-1.3V1.2  C26,0.5,25.4-0.1,24.7-0.1z M9.8,5c0-1.8,1.5-3.2,3.2-3.2c1.8,0,3.2,1.5,3.2,3.2v5.8c0,1.8-1.5,3.2-3.2,3.2c-1.8,0-3.2-1.5-3.2-3.2  V5z M18.5,10.7c0,2.8-2.1,5.2-4.9,5.4V17h2.9c0.3,0,0.6,0.3,0.6,0.6s-0.3,0.6-0.6,0.6h-7c-0.3,0-0.6-0.3-0.6-0.6S9.1,17,9.5,17h2.9  v-0.9c-2.8-0.3-4.9-2.7-4.9-5.4V9.1c0-0.3,0.3-0.6,0.6-0.6s0.6,0.3,0.6,0.6v1.5c0,2.4,1.9,4.3,4.3,4.3s4.3-1.9,4.3-4.3V9.1  c0-0.3,0.3-0.6,0.6-0.6s0.6,0.3,0.6,0.6V10.7z' fill='#9EA0A5'></path>
</svg>
<!-- END ICON -->
</div>
</li>
<!-- About -->
<li class='nav-item '>
<a class='primary_nav_link' href='https://www.talosintelligence.com/about'>
<!-- ABOUT ICON -->
<svg height='20px' viewBox='0 0 26 20' width='26px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink'>
<g class='nav-icon' id='about-icon'>
<path d='M24.7-0.062H1.3C0.582-0.062,0,0.52,0,1.241v17.393c0,0.72,0.582,1.304,1.3,1.304h23.4   c0.718,0,1.3-0.584,1.3-1.304V1.241C26,0.52,25.418-0.062,24.7-0.062z M18.704,4.58c-0.318,0.335-0.616,0.647-0.918,0.961   c-0.092-0.115-0.172-0.233-0.272-0.332c-0.099-0.093-0.218-0.166-0.334-0.254c0.296-0.31,0.594-0.621,0.908-0.951   C18.294,4.198,18.494,4.384,18.704,4.58z M6.876,15.064c-0.053-0.062-0.109-0.125-0.16-0.189c-0.861-1.139-1.398-2.413-1.564-3.83   c-0.208-1.776,0.066-3.474,0.963-5.04c0.906-1.584,2.262-2.652,3.947-3.312c1.089-0.428,2.219-0.63,3.391-0.552   c1.519,0.102,2.904,0.596,4.152,1.469c0.035,0.025,0.068,0.052,0.101,0.08c0.005,0.003,0.008,0.012,0.019,0.027   c-0.337,0.349-0.679,0.686-0.998,1.043c-0.105,0.12-0.209,0.142-0.353,0.142c-2.37-0.003-4.741-0.003-7.112-0.003   c-0.692,0-1.208,0.516-1.208,1.208c-0.001,2.211,0,4.419,0,6.628c0,0.33,0.003,0.66,0.001,0.99c0,0.046-0.014,0.102-0.042,0.134   c-0.364,0.395-0.731,0.786-1.098,1.179C6.907,15.046,6.896,15.052,6.876,15.064z M7.174,15.424   c0.329-0.346,0.642-0.672,0.938-0.983c0.072,0.125,0.128,0.259,0.217,0.363c0.09,0.107,0.213,0.184,0.333,0.283   C8.373,15.39,8.08,15.696,7.771,16.02C7.569,15.819,7.375,15.623,7.174,15.424z M19.151,15.117   c-1.184,1.403-2.693,2.287-4.479,2.683c-2.144,0.477-4.15,0.094-6.011-1.064c-0.149-0.091-0.288-0.203-0.43-0.307   c-0.037-0.026-0.07-0.059-0.115-0.098c0.044-0.046,0.083-0.092,0.125-0.136c0.301-0.323,0.599-0.646,0.904-0.966   c0.039-0.041,0.109-0.073,0.165-0.073c1.244-0.003,2.486,0,3.729,0.002c1.174,0.003,2.348,0.007,3.523,0.007   c0.325,0,0.636-0.066,0.891-0.286c0.27-0.235,0.392-0.542,0.392-0.897c0.002-2.56,0.002-5.119-0.001-7.678   c-0.001-0.105,0.029-0.179,0.101-0.252c0.354-0.373,0.705-0.75,1.07-1.139c0.127,0.164,0.257,0.315,0.372,0.476   c1.011,1.43,1.543,3.016,1.525,4.771C20.896,12.011,20.354,13.688,19.151,15.117z' fill='#9EA0A5'></path>
</g>
</svg>
<!-- END ICON -->
<span>About</span>
</a>
</li>
<!-- Mobile Only Sign in area -->
<li class='acct_links desktop-hide'>
<a class='login-button' href='https://talosintelligence.com/users/auth/saml'>Cisco Login</a>
</li>
</ul>
</div>
</div>
</nav>
<!-- MOBILE NAVIGATION TRIGGER -->
<input class='nav-trigger' id='nav-trigger' type='checkbox'/>
<label for='nav-trigger'>
<!-- NAVIGATION MENU ICON -->
<svg height='16px' viewBox='0 0 22 16' width='22px' x='0px' xmlns='https://www.w3.org/2000/svg' xmlns:xlink='https://www.w3.org/1999/xlink' y='0px'>
<g id='menu-icon'>
<path d='M20.5,3h-19C0.672,3,0,2.329,0,1.5S0.672,0,1.5,0h19C21.328,0,22,0.671,22,1.5S21.328,3,20.5,3z' fill='#FFFFFF'></path>
<path d='M20.5,9.5h-19C0.672,9.5,0,8.828,0,8c0-0.829,0.672-1.5,1.5-1.5h19C21.328,6.5,22,7.171,22,8   C22,8.828,21.328,9.5,20.5,9.5z' fill='#FFFFFF'></path>
<path d='M20.5,16h-19C0.672,16,0,15.328,0,14.5S0.672,13,1.5,13h19c0.828,0,1.5,0.672,1.5,1.5S21.328,16,20.5,16z' fill='#FFFFFF'></path>
</g>
</svg>
<!-- END ICON -->
</label>
<!-- END OF NAVIGATION / BEGINNING OF PAGE CONTENT -->
<div id='page_wrapper'>
<div class='container-fluid full-height'>
<div class='row full-height'>
<div class='col-xs-12 col_single'>
<div class='row'>
<div class='col-xs-12 publication' id='content-wrapper'>
<div id='main-wrapper'>
<div class='main section' id='main'><div class='widget Blog' data-version='1' id='Blog1'>
<div class='blog-posts hfeed'>
<!--Can't find substitution for tag [defaultAdStart]-->

                        <div class="date-outer">
                      
<h2 class='date-header'><span>Tuesday, August 2, 2022</span></h2>

                        <div class="date-posts">
                      
<div class='post-outer'>
<div class='post hentry uncustomized-post-template' itemprop='blogPost' itemscope='itemscope' itemtype='https://schema.org/BlogPosting'>
<meta content='https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsnZVqaECj6vdsft3luT7kVveSWQaFxytsp-RFda-jgVhbrqFiIfwbdlPP_ismSW4vbzINmeOKtYHxG7m-C2lFpDLVaj0TnQG8i2enwFaZB6gWDBhSQ3MuuD7lmF-Cq-VcVbseIRU2_dh9iylBOBs5CHRdEuQlpYa2GdKi7j815O908c0JIQ-k-JUjew/s16000/image13.jpg' itemprop='image_url'/>
<meta content='1029833275466591797' itemprop='blogId'/>
<meta content='815244403413243368' itemprop='postId'/>
<a name='815244403413243368'></a>
<h3 class='post-title entry-title' itemprop='name'>
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
</h3>
<div class='post-header'>
<div class='post-header-line-1'></div>
</div>
<div class='post-body entry-content' id='post-body-815244403413243368' itemprop='description articleBody'>
<h2 id="h.3s9ackar2bbi"><span style="color: red; font-size: 16px; font-weight: bold;"><div class="separator" style="clear: both; text-align: center;"><img border="0" data-original-height="987" data-original-width="1999" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsnZVqaECj6vdsft3luT7kVveSWQaFxytsp-RFda-jgVhbrqFiIfwbdlPP_ismSW4vbzINmeOKtYHxG7m-C2lFpDLVaj0TnQG8i2enwFaZB6gWDBhSQ3MuuD7lmF-Cq-VcVbseIRU2_dh9iylBOBs5CHRdEuQlpYa2GdKi7j815O908c0JIQ-k-JUjew/s16000/image13.jpg" /></div></span></h2>
<br />
By <a href="https://twitter.com/asheermalhotra">Asheer Malhotra</a> and <a href="https://twitter.com/_vventura">Vitor Ventura</a>.<br />
<br />
<ul>
<li>
Cisco Talos recently discovered a new attack framework called "Manjusaka" being used in the wild that has the potential to become prevalent across the threat landscape. This framework is advertised as an imitation of the Cobalt Strike framework.</li>
</ul>
<ul>
<li>
The implants for the new malware family are written in the Rust language for Windows and Linux.</li>
<li>
A fully functional version of the command and control (C2), written in GoLang with a User Interface in Simplified Chinese, is freely available and can generate new implants with custom configurations with ease, increasing the likelihood of wider adoption of this framework by malicious actors.</li>
<li>
We recently discovered a campaign in the wild using lure documents themed around COVID-19 and the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. These maldocs ultimately led to the delivery of Cobalt Strike beacons on infected endpoints.</li>
<li>
We have observed the same threat actor using the Cobalt Strike beacon and implants from the Manjusaka framework.</li>
</ul>
<br />
<br />
<h2 id="h.5a7qzr3haqiq">Introduction</h2>
<br />
Cisco Talos has discovered a relatively new attack framework called "Manjusaka" (which can be translated to "cow flower" from the Simplified Chinese writing) by their authors, being used in the wild.<br />
<br />
As defenders, it is important to keep track of offensive frameworks such as <a href="https://talos-intelligence-site.s3.amazonaws.com/production/document_files/files/000/095/031/original/Talos_Cobalt_Strike.pdf">Cobalt Strike</a> and Sliver so that enterprises can effectively defend against attacks employing these tools. Although we haven't observed widespread usage of this framework in the wild, it has the potential to be adopted by threat actors all over the world. This disclosure from Talos intends to provide early notification of the usage of Manjusaka. We also detail the framework's capabilities and the campaign that led to the discovery of this attack framework in the wild.<br />
<br />
The research started with a malicious Microsoft Word document (maldoc) that contained a Cobalt Strike (CS) beacon. The lure on this document mentioned a COVID-19 outbreak in Golmud City, one of the largest cities in the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province. During the investigation, Cisco Talos found no direct link between the campaign and the framework developers, aside from the usage of the framework (which is freely available on GitHub). However, we could not find any data that could support victimology definition. This is justifiable considering there's a low number of victims, indicating the early stages of the campaign, further supported by the maldoc metadata that indicates it was created in the second half of June 2022.<br />
<br />
While investigating the maldoc infection chain, we found an implant used to instrument Manjusaka infections, contacting the same IP address as the CS beacon. This implant is written in the Rust programming language and we found samples for Windows and Linux operating systems. The Windows implant included test samples, which had non-internet-routable IP addresses as command and control (C2). Talos also discovered the Manjusaka C2 executable &#8212; a fully functional C2 ELF binary written in GoLang with a User Interface in Simplified Chinese &#8212; on GitHub. While analyzing the C2, we generated implants by specifying our configurations. The developer advertises it has an adversary implant framework similar to <a href="https://www.cobaltstrike.com/">Cobalt Strike</a> or <a href="https://github.com/BishopFox/sliver">Sliver</a>. <br />
<br />
The developers have provided a design diagram of the Manjusaka framework illustrating the communications between the various components. A lot of these components haven't been implemented in the C2 binary available for free. Therefore, it is likely that either:<br />
<br />
<ul>
<li>
The framework is actively under development with these capabilities coming soon OR</li>
<li>
The developer intends to or is already providing these capabilities via a service/tool to purchase - and the C2 available for free is just a demo copy for evaluation.</li>
</ul>
<br />
<img border="0" data-original-height="859" data-original-width="1086" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEinE8LRTa-tPGUUFH2ovmU0QiL4-4_goEwtotFehfTFYdcmM1YPyqYCdmL-k5p9cGvrv6DvnhZxLjANYZ2xm-Oyndk-rp8WWOftdSOeqwODfXOoSU2WJoKJ8ivdcI5DtistpEYt2eUnt8shLypCSXHTEBAFDL6cUKqmtmkthpmREEYtd5cqUEHN2R9QOA/s16000/image12.png" /><br />
<br /><div style="text-align: center;">Manjusaka design diagram.</div>
<div><br /></div><br />
<a name='more'></a>
<br />
<br />

<h2 id="h.59tqlohcspd">Manjusaka attack framework</h2>
<br />
The malware implant is a RAT family called "Manjusaka." The C2 is an ELF binary written in GoLang, while the implants are written in the Rust programming language, consisting of a variety of capabilities that can be used to control the infected endpoint, including executing arbitrary commands. We discovered EXE and ELF versions of the implant. Both sets of samples catering to these platforms consist of almost the same set of RAT functionalities and communication mechanisms.<br />
<br /><br />
<h3 id="h.5ghpxvc8nu7e">Communications</h3>
The sample makes HTTP requests to a fixed address <span style="font-family: courier;">http[:]//39[.]104[.]90[.]45/global/favicon.png</span> that contains a fixed session cookie defined by the sample rather than by the server. The session cookie in the HTTP requests is base64 encoded and contains a compressed copy of binary data representing a combination of random bytes and system preliminary information used to fingerprint and register the infected endpoint with the C2. The image below shows the information used to generate such a session cookie.<br />
<br /><img border="0" data-original-height="206" data-original-width="817" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWhkJ7FZTGQUt_E5FvEm0pB5C-FCCXggOUmR0X3aSNQ2qxq25AxF64kg8xD-UCeztWYQJB2bof4FFrek23wzDWk5P2-eW_L5nNSr0Is6GxYMNKVrp3segIhlBgF0uTP4H3zAjAdrP0-h_M0Cswsaaiu79ugyNQKHS-sGKNuINm_3z0CQnpqyWJbhieTw/s16000/image9.png" /><br />
<br />
The information on the cookie is arranged as described in the table below before it is compressed and encoded into base64.<br />
<br /><img border="0" data-original-height="492" data-original-width="1999" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhwqxpzFRpCT0bLaAESeGS_jq8eSK6RJ_3jxtMqPI2wPaYW_TrSSSkKjSLFABM6jXWLrbg5Nc_1jxzwaYzZAi7KARxqJe9gbHCuqARq1cQIIyRAvLGFhsH7pFEvObYenDsoQb8vF_a2UEBhpj2GbNFJtC7Njg9RNWNYth-bk5kvdfdqOby0uQ600-6odw/s16000/image3.jpg" /><br /><br />
<br />
The communication follows a regular pattern of communication, the implant will make a request to an URL which in this case is '<span style="font-family: courier;">/global/favicon.png</span>', as seen in the image below.<div><br />
<img border="0" data-original-height="279" data-original-width="1408" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSDMukaCTwN14xNf049AGxHLpBeS7UeEfgVPxc4raBUTonq7HnMCDIyXOTfp71MlRc6bZFYxHRvcNBwZ1Mg1VhJGnvNcqf4d7Ky0MU5Klpvu5bSxSHBM6CZreVEPTygBoUYfuj9Evchb1L8Ly3OLxCTe04STleSqfyywL0k0WC511fAVREAU3dhkKxOw/s16000/image1.png" /><br /><br />
<br />
Even though the request is an HTTP GET, it sends two bytes that are <span style="font-family: courier;">0x191a</span> as data. The reply is always the same, consisting of five bytes <span style="font-family: courier;">0x1a1a6e0429</span>. This is the C2 standard reply, which does not correspond to any kind of action on the implant.<br />
<br />
If the session cookie is not provided, the server will reply with a 302 code redirecting to <span style="font-family: courier;">http[:]//micsoft[.]com</span> which is also redirected, this time with a 301, to <span style="font-family: courier;">http[:]//wwwmicsoft[.]com</span>. At the time of publishing, the redirection seems like a trick to distract researchers. Talos could not find any direct correlation between the domains and the authors and/or operators of this C2.<br />
<br /><br />
<h3 id="h.wv5i78cmpt73">Implant capabilities</h3>
<br />
The implant consists of a multitude of remote access trojan (RAT) capabilities that include some standard functionality and a dedicated file management module.<br />
<br /><img border="0" data-original-height="372" data-original-width="965" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwz6ntOuNUx2j42E3CUDZnj2lBUddaXzv-gFpwWDrIuSmfy7sL_rA5aUoqZPpB2w_rYYWbwTw3m_HzydyupQZpaLu5zQleh2mClMcP7H_xHuqJV9sx_i8NX6g43z7ROxsRaunZdHH2iCa3yoZPUpakYeG5VI8btFc2taT28uNoXXve-SB8aCKPKsXWbg/s16000/image5.png" /><br /><br />
<br /><div style="text-align: center;">Switch cases for handling various requests received by the C2.</div>
<div><br /></div><br />
<h4 id="h.kokr3eioenq6">Commands serviced by the RAT</h4>
<br />
The implant can perform the following functions on the infected endpoint based on the request and accompanying data received from the C2 server:<br />
<br />
<ul>
<li>
Execute arbitrary commands: The implant can run arbitrary commands on the system using "<span style="font-family: courier;">cmd.exe /c</span>".</li>
</ul><div class="separator" style="clear: both; text-align: center;"><img border="0" data-original-height="377" data-original-width="546" height="442" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiiAowPPFxL82f3zyZDTp2rHtM8Cb5Vxw01mgjgIZ9WD4f26Skqhnc5jfw_4y8Pcp8vX5s2E9bZjkYES5nUqa_Pb1Iv0U5tbw54-bctqkmKW34crnZG5NdNGMoHu7ffs39SWix33bAV8qP8mHZf4I0AlBPTHgBuHXORb_hpR8LyBTnp3ghlVDGjDyNK7A/w640-h442/image15.png" width="640" /></div><br /><div><br /></div>
<br />
<ul>
<li>
Get file information for a specified file: Creation and last write times, size, volume serial number and file index.</li></ul>
<ul>
<li>
Get information about the current network connections (TCP and UDP) established on the system, including Local network addresses, remote addresses and owning Process IDs (PIDs).</li></ul>
<ul>
<li>
Collect browser credentials: Specifically for Chromium-based browsers using the query: <span style="font-family: courier;">SELECT signon_realm, username_value, password_value FROM logins</span> ; Browsers targeted: Google Chrome, Chrome Beta, Microsoft Edge, 360 (Qihoo), QQ Browser (Tencent), Opera, Brave and Vivaldi.</li></ul>
<ul>
<li>
Collect Wi-Fi SSID information, including passwords using the command: <span style="font-family: courier;">netsh wlan show profile &lt;WIFI_NAME&gt; key=clear</span></li></ul><div><div class="separator" style="clear: both; text-align: center;"><img border="0" data-original-height="835" data-original-width="638" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrUvTfL4uox9NS7e4TvCXvrEvRyPRzwU42HhcXpu66Ky4jYszYbOM2nyg3oNROA2FWFHW46NcywyWhK-1BEVYLKJSXvF25idS-CiYWNzKZTWypvn4ioheOcuSPX7BbkOAT3dz7Q5oWbi9JqJ2qjSSngzVaOvE_v4NHod0yXGiHNLPOL173jyXoVZn1rA/w490-h640/image8.png" width="490" /></div><br /></div>
<br />
<ul>
<li>
Obtain Premiumsoft Navicat credentials: <a href="https://www.navicat.com/">Navicat</a> is a graphical database management utility that can connect to a variety of DB types such as MySQL, Mongo, Oracle, SQLite, PostgreSQL, etc. The implant enumerates through the installed software's registry keys for each configured DB server and obtains the values representing the <span style="font-family: courier;">Port, UserName, Password (Pwd)</span>.</li>
</ul><div class="separator" style="clear: both; text-align: center;"><img border="0" data-original-height="421" data-original-width="707" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjM-fFURbKIS_g2gUixLGv1lCLmkW6x-ue3PZwDEwKVefCCtJHC8RDrqhY4wvKdEAk73joh3rf69jWzBrjc4GfjevaVA59FL0d2B07SIMWS77RGtGBqtMJepWQJMCWj_Qw-BI2PGoq0_FabzcrRVSbgxbSTAZnaCRqXEknRhIrnAVnS5tOW_7OTfna5Q/s16000/image17.png" /></div><div><br /></div>
<br />
<ul>
<li>
Take screenshots of the current desktop.</li></ul>
<ul style="text-align: left;">
<li>
Obtain comprehensive system information from the endpoint, including:</li><ul><li>System memory global information.</li><li>Processor power information.</li><li>Current and critical temperature readings from WMI using "<span style="font-family: courier;">SELECT * FROM MSAcpi_ThermalZoneTemperature</span>"</li><li>Information on the network interfaces connected to the system: Names </li><li>Process and System times: User time, exit time, creation time, kernel time.</li><li>Process module names.</li><li>Disk and drive information: Volume serial number, name, root path name and disk free space. </li><li>Network account names, local groups.</li><li>Windows build and major version numbers.</li></ul></ul>
<ul>
<li>
Activate the file management module to carry out file-related activities.</li>
</ul>
<br />
<br />
<h4 id="h.5wnfo62zo81e">File Management Capabilities</h4>
<br />
The file management capabilities of the implant include:<br />
<br />
<ul>
<li>
File enumeration: List files in a specified location on disk. This is essentially the "ls" command.</li>
<li>
Create directories on the file system.</li>
<li>
Get and set the current working directory.</li>
<li>
Obtain the full path of a file.</li>
<li>
Delete files and remove directories on disk.</li>
<li>
Move files between two locations. Copy the file to a new location and delete the old copy.</li>
</ul><div class="separator" style="clear: both; text-align: center;"><img border="0" data-original-height="795" data-original-width="628" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi-ngbAM6FdsbSV8pWmKjqM5GLAJs5mVSEALj0BO84WzMaZHl1WqqIcbFfPVo2BHHWxKnFArTfrCpGVmhIHYN9zSjSrlHIol5ajW_ZnzFac-2Oxk-_UMcE5NxqJGJEazqmvXpLtVb9y8MYvsZxMh8Qx6TJRFlmEeSG9ujXjUWdeHxBWVkh0l9IjilAiCQ/w506-h640/image10.png" width="506" /></div><br /><div><br /></div>
<br /><div style="text-align: center;">Copy file operation done and part of the move.</div>
<br />
<ul>
<li>
Read and write data to and from the file.</li>
</ul>
<br />
<br />
<h3 id="h.d9i3f01qal9r">ELF variant</h3>
<br />
The ELF variant consists of pretty much the same set of functionalities as its Windows counterpart. However, two key functionalities missing in the ELF variant are the ability to collect credentials from Chromium-based browsers and harvest Wi-Fi login credentials.<br />
<br />
Just like the Windows version, the ELF variant also collects a variety of system-specific information from the endpoint:<br />
<br />
<ul>
<li>
Global system information such as page size, clock tick count, current time, hostname, version, release, machine ID, etc.</li>
<li>
System memory information from <span style="font-family: courier;">/proc/meminfo</span> including cached memory size, free and total memory, swap memory sizes and Slab memory sizes.</li>
<li>
System uptime from <span style="font-family: courier;">/proc/uptime</span>: System uptime and idle time of cores.</li>
<li>
OS identification information from <span style="font-family: courier;">/proc/os-release</span> and <span style="font-family: courier;">lsb-release</span>.</li>
<li>
Kernel activity information from <span style="font-family: courier;">/proc/stat</span>.</li>
<li>
CPU information from <span style="font-family: courier;">/proc/cpuinfo</span> and <span style="font-family: courier;">/sys/devices/system/cpu/cpu*/cpufreq/scaling_max_freq</span></li>
<li>
Temperature information from <span style="font-family: courier;">/sys/class/hwmon</span> and <span style="font-family: courier;">/sys/class/thermal/thermal_zone*/temp</span></li>
<li>
Network interfaces information and statistics from <span style="font-family: courier;">/sys/class/net</span>.</li>
<li>
Device mount and file system information. SCSI device information.</li>
<li>
Account information from <span style="font-family: courier;">/etc/passwd</span> and group lists of users.</li>
</ul>
<br />
<br />
Both versions contain functionally equivalent file management modules that are used exclusively for managing files and directories on the infected system.<br />
<br /><img border="0" data-original-height="316" data-original-width="1805" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOl-D-9VwRzRI3RPTqCDMjeLnNjRFT3NDT4hp_udx3KOBfBb0qrXrv_WUmFj7Hn3OJyVyS8NEHR2RG_ih0T8Md1LzM0JGo8MwFR-7v_7N1IqlKX_7ivlkLmN8r5UEmNailJlG-JDFReUMhbiaoOkcpmt4nHWWnIPxk2pXEAURbCUVq7XWGx4lb6oD5KQ/s16000/image14.png" /><br />
<br /><div style="text-align: center;">EXE vs ELF versions of the implant containing functionally equivalent file management modules.</div>
<div><br /></div><br />
<h3 id="h.mje7h7r7nxzq">Command and control server</h3>
<br />
During the course of our investigation, we discovered a copy of the C2 server binary for Manjusaka hosted on GitHub at <span style="font-family: courier;">hxxps://github[.]com/YDHCUI/manjusaka</span>. <br />
<br />
It can monitor and administer an infected endpoint and can generate corresponding payloads for Windows and Linux. The payloads generated are the Rust implants described earlier.<br />
<br />
The C2 server and admin panel are primarily built on the <a href="https://github.com/gin-gonic/gin">Gin Web Framework</a> which is used to administer and issue commands to the Rust-based implants/stagers.<br />
<br /><div style="text-align: center;"><img border="0" data-original-height="548" data-original-width="883" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiFMlf3PVIlvXUMNL6Gp3VblOpaK6x9hQvDpbA_8UUmzMUcPB2siLeazMAbGhiS2nR1zpu68GEERSXM8irs70mps91SSC__Zr0wisPL6q_Q6_gadHlaKTxBlEYBrskJPxd2AKelneeMaD3v1ERMAM4pYFteaZ0Z1VEeaDOKfsZHQ2vLVfEnyWcbu8495w/s16000/image7.png" /></div><br />
<br /><div style="text-align: center;">C2 server implant generation prompt.</div>
<br />
After filling in the several options, the operator presses the "generate" button. This fires a GET request to the C2 following the format below.<br />
<br /><span style="font-family: courier;">
http://&lt;C2_IP_ADDRESS&gt;:&lt;Port&gt;/agent?c=&lt;C2_IP_ADDRESS&gt;:&lt;PORT&gt;&amp;t=&lt;EXTENDED_URL_for_C2&gt;&amp;k=&lt;ENCRYPTION_KEY&gt;&amp;w=true</span><br />
<br />
The C2 server will then generate a configured Rust-based implant for the operator. The C2 uses <a href="https://github.com/gobuffalo/packr">packr</a> to store the unconfigured Rust-based implant within the C2 binary consisting of a single packaged C2 binary that generates implants without any external dependencies.<br />
<br />
The C2 will open a "box" &#8212; i.e., a virtual folder within the GoLang-based C2 binary &#8212; that consists of a dummy Rust implant at location "<span style="font-family: courier;">plugins/npc.exe</span>". This executable is a pre-built version of the Rust implant that is then hot-patched by the C2 server based on the C2 information entered by the operator via the Web UI.<br />
<br />
The skeleton Rust implant contains placeholders for the C2 IP/domain and the extended URLs in the form of repeated special characters "$" and "*" respectively, 0x21 repetitions.<br />
<br />
E.g. The place holder for the C2 IP/Domain in the dummy implant is (hex):<br />
<br /><span style="font-family: courier;">
24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24</span><br />
<br />
which is then replaced by the C2 with an IP address such as:<br />
<br /><span style="font-family: courier;">
33 39 2E 31 30 34 2E 39 30 2E 34 35 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24 24</span><br />
<br />
The hot-patched binary is then served to the operator to download in response to the HTTP GET request from earlier.<br />
<br /><br /><br />
<h2 id="h.48y54oea0pm5">The campaign: Infection chain</h2>
<br />
We've also discovered a related campaign that consisted of a distribution of a maldoc to targets leading to the deployment of Cobalt Strike beacons on the infected systems.<br />
<br />
The infection chain involves the use of a maldoc masquerading as a report and advisory on the COVID-19 pandemic in Golmud City, one of the largest cities in the Haixi Mongol and Tibetan Autonomous Prefecture, Qinghai Province &#8212; specifically citing a case of COVID-19 and the subsequent contact tracing of individuals.<br />
<br /><div style="text-align: center;"><img border="0" data-original-height="868" data-original-width="868" height="640" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjYen_6w38eOKRN7qZWIuf96GuMwFN56diBxrJs81qNtk4OJJtv7OoEp2xNwc7lQEux1-MvXCg0Em9Oy5zvy-Av5aGc7G5f2zNe0RGB5Agtz5lCsGlXuNI5igXgxZkW-HNyFWqM7Ug_UrEWO_RBmpucUmBNXY-tZ_whZXPFVewZxfwbof62C0EUX_IpnQ/w640-h640/image6.png" width="640" /></div>
<br /><div style="text-align: center;">Maldoc lure masquerading as a report on a COVID-19 case in Golmud City.</div>
<div><br /></div><br />
<h3 id="h.mokfr0z03t0a">Maldoc analysis</h3>
<br />
The maldoc contains a VBA macro that executes <span style="font-family: courier;">rundll32.exe</span> and injects Metasploit shellcode (Stage 1) into the process to download and execute the next stage (Stage 2) in memory.<br />
<br />
The Stage 1 shellcode reached out to <span style="font-family: courier;">39[.]104[.]90[.]45/2WYz</span>.<br />
<br /><div style="text-align: center;"><img border="0" data-original-height="859" data-original-width="883" height="622" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTREvh8zxm0IIZGjO1-9tfP6kUR1RqEYSgjDbv_Nh-Bn2xTdqkCcfnjmED3BycvAGfZRV4OEojI9p4PVI2H2v4oPDoV-WeaAeakIXYUJWP2Ke-ppSOhjygB7mucu7c6mVsea5C5geCkwq_6empBnIGfmYJCK9hzMvaLTbepOmEr7R2Zc8-auYe0r0I-Q/w640-h622/image4.png" width="640" /></div><br />
<br /><div style="text-align: center;">Stage 1 shellcode downloading the next stage (Stage 2) from a remote location.</div>
<div><br /></div><br />
<h3 id="h.nocii0k29jws">Stage 2 analysis</h3>
<br />
The next stage payload downloaded from the remote location is yet another shellcode that consists of:<br />
<br />
<ul>
<li>
XOR-encoded executable: Cobalt Strike.</li>
<li>
Shellcode for decoding and reflectively loading the Cobalt Strike beacon into memory.</li>
</ul>
<br /><div style="text-align: center;"><img border="0" data-original-height="949" data-original-width="1089" height="558" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEglk7e7I-n27ntyPmFFvC_MSKOpmIS1z9GRs-adp-0iHJyLfZeKXNlzXRfqCztmkY9Gow96-f2ww660-QKBC5N7cCCm5LQjAigvXJlGZRgCVxnw_fEEVi7Nr7kzR485F1HInd34jAlv8eoUHoJDHgSWCbF_geS4ihz0oDNxkD4RrIDQC5wmGMXwldizBg/w640-h558/image16.png" width="640" /></div>

<br /><div style="text-align: center;">Code for decoding Stage 3 (Cobalt Strike beacon) in memory and executing it from the beginning of the MZ.</div>
<div><br /></div><br />
<h3 id="h.whzwplj9g0ol">Stage 3: Cobalt Strike beacon</h3>
<br />
The Cobalt Strike beacon decoded by the previous stage is then executed from the beginning of the MZ file. The beacon can reflectively load itself into the memory of the current process.<br />
<br /><div style="text-align: center;"><img border="0" data-original-height="360" data-original-width="726" height="318" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEo1pvWjHThK7Yfkul4cTkBXXp_V_tuikSYeSDQtvQoDmyLzRWl3S62sVJ0e_2cdIlwIyp8s8_C9WJgyqeExUKNCEWMqdtJF4vVMB7KxbYqJlvczaE8MQAARCsRBppNgG1Sl1LgJwoT_HNw844qqntAXJcSPcJXGtFB0FaViLe-8M8KYO5oCOJupSgMw/w640-h318/image2.png" width="640" /></div>
<br /><div style="text-align: center;">Beacon calculating and calling into the address of the DLL export enables it to reflectively load into the current process.</div>
<br />
The beacon's config is XOR encoded with the 0x4D single byte key. The configuration is:<br />
<br /><span style="font-family: courier;">
BeaconType                       - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp; &nbsp; &nbsp;</span>HTTPS<br />
Port                             - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; </span>443<br />
SleepTime                        - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp; &nbsp; &nbsp;&nbsp;</span>60000<br />
MaxGetSize                       - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp; &nbsp; &nbsp;</span>1048576<br />
Jitter                           - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp; &nbsp; &nbsp;</span>0<br />
MaxDNS                           - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp; &nbsp; &nbsp;</span>Not Found<br />
PublicKey                        - </span><pre><span style="font-family: courier;">b'0\x81\x9f0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x81\x8d\x000\x81\x89\x02\x81\x81\x00\x95\xe2\xd1\xdd1N\x99\x13W%\xdd\x86\x1ep\xf7c\x12\x8f\xf3\xc3\x81\x93\xc7\n84\xa2^T\x13\x93\x8d6\xec\xb5V\x931\x01\xd2\x87o\xa1\xa8\x10\xea\x9f\x8c\xc2uY\x92\xa0z\x82d1m\x02\xa44\xdbc\xdf\xd7\x1d#2U\x1b\x158\xc8\x1dqX\x91\xe5\x9b@\x9a\xe2\xea\x0b\xd2\xcd\x9f\xae\xb1h\x08\x15|\xa3\x0cc\xde&lt;\x17o|\x0c\x96\x878\xd2\xb4|\x86}\xa7H\x99\xd7\x8fc\xc8#\xe7W7\xec\x8fmx\xeb\xe3{\x02\x03\x01\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'</span></pre> 
<span style="font-family: courier;"><br />
C2Server                         - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; </span>39[.]104[.]90[.]45,/IE9CompatViewList.xml<br />
UserAgent                        - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp;</span>Not Found<br />
HttpPostUri                      - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span>/submit.php<br />
HttpGet_Metadata                 - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; </span>Not Found<br />
HttpPost_Metadata                - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp; &nbsp; &nbsp;&nbsp;</span>Not Found<br />
SpawnTo                          - b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'<br />
<br />
PipeName                         - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp; &nbsp; &nbsp; &nbsp;</span>Not Found<br />
DNS_Idle                         - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp; &nbsp; &nbsp; &nbsp;</span>Not Found<br />
DNS_Sleep                        - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp;</span>Not Found<br />
SSH_Host                         - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; </span>Not Found<br />
SSH_Port                         - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; </span>Not Found<br />
SSH_Username                     - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; </span>Not Found<br />
SSH_Password_Plaintext           - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;</span>Not Found<br />
SSH_Password_Pubkey              - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span>Not Found<br />
HttpGet_Verb                     - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; </span>GET<br />
HttpPost_Verb                    - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp;</span>POST<br />
HttpPostChunk                    - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp;</span>0<br />
Spawnto_x86                      - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span>%windir%\syswow64\rundll32.exe<br />
Spawnto_x64                      - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span>%windir%\sysnative\rundll32.exe<br />
CryptoScheme                     - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp; &nbsp;</span>0<br />
Proxy_Config                     - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; </span>Not Found<br />
Proxy_User                       - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp; &nbsp; &nbsp;</span>Not Found<br />
Proxy_Password                   - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;</span>Not Found<br />
Proxy_Behavior                   - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp; &nbsp; &nbsp;</span>Use IE settings<br />
Watermark                        - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp;</span>999999<br />
bStageCleanup                    - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp;</span>False<br />
bCFGCaution                      - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span>False<br />
KillDate                         - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; </span>0<br />
bProcInject_StartRWX             - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; </span>True<br />
bProcInject_UseRWX               - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp; &nbsp; &nbsp;</span>True<br />
bProcInject_MinAllocSize         - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; </span>0<br />
ProcInject_PrependAppend_x86     - <span>&nbsp;&nbsp; </span>Empty<br />
ProcInject_PrependAppend_x64     - <span>&nbsp;&nbsp; </span>Empty<br />
ProcInject_Execute               - <span>&nbsp; &nbsp; &nbsp;<span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span></span>CreateThread<br />
                                   <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;<span>&nbsp;&nbsp; &nbsp;<span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp; &nbsp; &nbsp;</span></span></span>SetThreadContext<br />
                                   <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;<span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp; &nbsp; &nbsp;&nbsp;</span></span>CreateRemoteThread<br />
                                   <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp; &nbsp; &nbsp;&nbsp;</span>RtlCreateUserThread<br />
ProcInject_AllocationMethod      - <span>&nbsp;&nbsp; &nbsp;</span>VirtualAllocEx<br />
bUsesCookies                     - <span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; &nbsp;</span><span>&nbsp;&nbsp; </span>True</span><br />
<br /><br />
<h2 id="h.b01oapkpbsbx">Attribution</h2>
<br />
Before even thinking about the attribution, it's important to distinguish between the developer of the malware and the campaign operators. The C2 binary is fully functional (although limited in features), self contained and publicly available, which means that anyone could have downloaded it and used it in the campaign we discovered.<br />
<br />
As such, we have decided to list the data points that could be interpreted as a possible indicator and encourage the community to perform the analysis and add other data points that might contribute to the attribution, either for the campaign or for the developers behind the framework.<br />
<br />
For this campaign, there isn't much to lead to formal attribution with any confidence, besides the fact that the maldoc refers to a COVID-19 outbreak in Golmud City, offering a detailed timeline of the outbreak.<br />
<br />
For the developer of Manjusaka, we have several indicators: <br />
<br />
<ul>
<li>
The Rust-based implant does not use the standard crates.io library repository for the dependency resolving. Instead, it was manually configured by the developers to use the mirror located at <span style="font-family: courier;">ustc[.]edu[.]cn</span>, which stands for the University Science and Technology of China.</li></ul>
<ul>
<li>
The C2 menus and options are all written in Simplified Chinese.</li></ul>
<ul>
<li>
Our OSINT suggests that the author of this framework is located in the GuangDong region of China.</li>
</ul>
<br />
<br />
<h2 id="h.hb2lmp8kx3qo">Conclusion</h2>
<br />
The availability of the Manjusaka offensive framework is an indication of the popularity of widely available offensive technologies with both crimeware and APT operators. This new attack framework contains all the features that one would expect from an implant, however, it is written in the most modern and portable programming languages. The developer of the framework can easily integrate new target platforms like MacOSX or more exotic flavors of Linux as the ones running on embedded devices. The fact that the developer made a fully functional version of the C2 available increases the chances of wider adoption of this framework by malicious actors. <br />
<br />
Organizations must be diligent against such easily available tools and frameworks that can be misused by a variety of threat actors. In-depth defense strategies based on a risk analysis approach can deliver the best results in the prevention. However, this should always be complemented by a good incident response plan which has been not only tested with tabletop exercises and reviewed and improved every time it's put to the test on real engagements.<br />
<br /><br />
<h2 id="h.cppg99goporo">Coverage</h2>
<br />
Ways our customers can detect and block this threat are listed below.</div><div><br /></div><div class="separator" style="clear: both; text-align: center;"><img border="0" data-original-height="1163" data-original-width="1196" height="622" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRmp-NoEslv3rLq1U3qqnvU3_hbUQQCmV6JG4S5GaKMvedTxxCV9eCcJdgdfDb8RafO5EfokfGDlIDK6un44KCj_bWAnqY3AYzJFAPo1PU_MT7kH-gX-EVO8BvaPViQ0kEjjKL30xG9KyEl7htIuvwjjdCE8tUqPkKzj7OUuLx-i0lyp1lIQYU6DbKgw/w640-h622/image11.png" width="640" /></div><div><br />
<br />
<a href="https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html">Cisco Secure Endpoint</a> (formerly AMP for Endpoints) is ideally suited to prevent the execution of the malware detailed in this post. Try Secure Endpoint for free <a href="https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/free-trial.html?utm_medium%3Dweb-referral?utm_source%3Dcisco%26utm_campaign%3Damp-free-trial%26utm_term%3Dpgm-talos-trial%26utm_content%3Damp-free-trial">here.</a><br />
<br />
<a href="https://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html">Cisco Secure Web Appliance</a> web scanning prevents access to malicious websites and detects malware used in these attacks.<br />
<br />
<a href="https://www.cisco.com/c/en/us/products/security/email-security/index.html">Cisco Secure Email</a> (formerly Cisco Email Security) can block malicious emails sent by threat actors as part of their campaign. You can try Secure Email for free <a href="https://www.cisco.com/c/en/us/products/security/cloud-mailbox-defense?utm_medium%3Dweb-referral%26utm_source%3Dcisco%26utm_campaign%3Dcmd-free-trial-request%26utm_term%3Dpgm-talos-trial">here</a>.<br />
<br />
<a href="https://www.cisco.com/c/en/us/products/security/firewalls/index.html">Cisco Secure Firewall</a> (formerly Next-Generation Firewall and Firepower NGFW) appliances such as <a href="https://www.cisco.com/c/en/us/products/collateral/security/firepower-ngfw-virtual/datasheet-c78-742858.html">Threat Defense Virtual</a>, <a href="https://www.cisco.com/c/en/us/products/security/adaptive-security-appliance-asa-software/index.html">Adaptive Security Appliance</a> and <a href="https://meraki.cisco.com/products/appliances">Meraki MX</a> can detect malicious activity associated with this threat.<br />
<br />
<a href="https://www.cisco.com/c/en/us/products/security/threat-grid/index.html">Cisco Secure Malware Analytics</a> (Threat Grid) identifies malicious binaries and builds protection into all Cisco Secure products.<br />
<br />
<a href="https://umbrella.cisco.com/">Umbrella</a>, Cisco's secure internet gateway (SIG), blocks users from connecting to malicious domains, IPs and URLs, whether users are on or off the corporate network. Sign up for a free trial of Umbrella <a href="https://signup.umbrella.com/?utm_medium%3Dweb-referral?utm_source%3Dcisco%26utm_campaign%3Dumbrella-free-trial%26utm_term%3Dpgm-talos-trial%26utm_content%3Dautomated-free-trial">here</a>.<br />
<br />
<a href="https://www.cisco.com/c/en/us/products/security/web-security-appliance/index.html">Cisco Secure Web Appliance</a> (formerly Web Security Appliance) automatically blocks potentially dangerous sites and tests suspicious sites before users access them. <br />
<br />
Additional protections with context to your specific environment and threat data are available from the <a href="https://www.cisco.com/c/en/us/products/security/firepower-management-center/index.html">Firewall Management Center</a>.<br />
<br />
<a href="https://signup.duo.com/?utm_source%3Dtalos%26utm_medium%3Dreferral%26utm_campaign%3Dduo-free-trial">Cisco Duo</a> provides multi-factor authentication for users to ensure only those authorized are accessing your network. <br />
<br />
Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on <a href="https://www.snort.org/products">Snort.org</a>.<br />
<br /><br /><br /><br />
<h2 id="h.g3ok1w5l9642">IOCs</h2>
<div><br /></div><div>IOCs for this research can also be found at our Github repository <a href="https://github.com/Cisco-Talos/IOCs/tree/main/2022/08" target="_blank">here</a>.</div><br />
<h3 id="h.tnm5z2uf0np3">Hashes</h3>
<br />
<h4 id="h.92z1tiu6ss6h">Maldoc and CS beacon samples</h4><span style="font-family: courier;">
58a212f4c53185993a8667afa0091b1acf6ed5ca4ff8efa8ce7dae784c276927<br />
8e7c4df8264d33e5dc9a9d739ae11a0ee6135f5a4a9e79c354121b69ea901ba6<br />
54830a7c10e9f1f439b7650607659cdbc89d02088e1ab7dd3e2afb93f86d4915</span><br />
<br />
<h4 id="h.tve8xs1iny8k">Rust samples</h4><span style="font-family: courier;">
8e9ecd282655f0afbdb6bd562832ae6db108166022eb43ede31c9d7aacbcc0d8<br />
a8b8d237e71d4abe959aff4517863d9f570bba1646ec4e79209ec29dda64552f<br />
3f3eb6fd0e844bc5dad38338b19b10851083d078feb2053ea3fe5e6651331bf2<br />
0b03c0f3c137dacf8b093638b474f7e662f58fef37d82b835887aca2839f529b</span><br />
<br />
<h4 id="h.itdpy1pc3e3y">C2 binaries</h4><span style="font-family: courier;">
fb5835f42d5611804aaa044150a20b13dcf595d91314ebef8cf6810407d85c64<br />
955e9bbcdf1cb230c5f079a08995f510a3b96224545e04c1b1f9889d57dd33c1</span><br />
<br />
<h3 id="h.mk5a2iy2fj51">URLs</h3><span style="font-family: courier;">
https[://]39[.]104[.]90[.]45/2WYz<br />
http[://]39[.]104[.]90[.]45/2WYz<br />
http[://]39[.]104[.]90[.]45/IE9CompatViewList.xml<br />
http[://]39[.]104[.]90[.]45/submit.php</span><br />
<br />
<h4 id="h.nbofmhd0e9l7">User-Agents</h4><span style="font-family: courier;">
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)<br />
Mozilla/5.0 (Windows NT 8.0; WOW64; rv:58.0) Gecko/20120102 Firefox/58<br />
Mozilla/5.0 (Windows NT 8.0; WOW64; rv:40.0) Gecko</span><br />
<br />
<h3 id="h.jkmtvyry26ve">IPs</h3><span style="font-family: courier;">
39[.]104[.]90[.]45</span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;"><br /></span></div><div><span style="font-family: courier;"><br /></span></div>
<div style='clear: both;'></div>
</div>
<div class='post-footer'>
<div class='post-footer-line post-footer-line-1'>
<span class='post-author vcard'>
Posted by
<span class='fn' itemprop='author' itemscope='itemscope' itemtype='https://schema.org/Person'>
<span itemprop='name'>Asheer Malhotra</span>
</span>
</span>
<span class='post-timestamp'>
at
<meta content='http://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html' itemprop='url'/>
<a class='timestamp-link' href='https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html' rel='bookmark' title='permanent link'><abbr class='published' itemprop='datePublished' title='2022-08-02T08:00:00-04:00'>8:00 AM</abbr></a>
</span>
<span class='reaction-buttons'>
</span>
<span class='post-comment-link'>
</span>
<span class='post-backlinks post-comment-link'>
</span>
<span class='post-icons'>
<span class='item-control blog-admin pid-1342217723'>
<a href='https://www.blogger.com/post-edit.g?blogID=1029833275466591797&postID=815244403413243368&from=pencil' title='Edit Post'>
<img alt='' class='icon-action' height='18' src='https://img2.blogblog.com/img/icon18_edit_allbkg.gif' width='18'/>
</a>
</span>
</span>
<div class='post-share-buttons goog-inline-block'>
</div>
</div>
<div class='post-footer-line post-footer-line-2'>
<span class='post-labels'>
Labels:
<a href='https://blog.talosintelligence.com/search/label/Cobalt%20Strike' rel='tag'>Cobalt Strike</a>,
<a href='https://blog.talosintelligence.com/search/label/Malware' rel='tag'>Malware</a>,
<a href='https://blog.talosintelligence.com/search/label/offensive' rel='tag'>offensive</a>,
<a href='https://blog.talosintelligence.com/search/label/SecureX' rel='tag'>SecureX</a>,
<a href='https://blog.talosintelligence.com/search/label/Sliver' rel='tag'>Sliver</a>
</span>
</div>
<div class='post-footer-line post-footer-line-3'>
<div style='text-align: left;'>
<div class='social-media-share'>
<div class='social-call'><span>Share This Post</span></div>
<a class='facebook' data-text='Manjusaka: A Chinese sibling of Sliver and Cobalt Strike' href='https://www.facebook.com/sharer.php?u=https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html&text=Manjusaka: A Chinese sibling of Sliver and Cobalt Strike' rel='nofollow' target='_blank' title='Share This On Facebook'>
<img alt='Facebook share' border='0' src='https://www.talosintelligence.com/assets/icon_fb-share_grey.svg'/>
</a>
<a class='twitter' data-text='Manjusaka: A Chinese sibling of Sliver and Cobalt Strike' href='https://twitter.com/share?url=https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html&text=Manjusaka: A Chinese sibling of Sliver and Cobalt Strike' rel='nofollow' target='_blank' title='Tweet This'>
<img alt='Twitter share' border='0' src='https://www.talosintelligence.com/assets/icon_tw-share_grey.svg'/>
</a>
<a class='linkedin' data-text='Manjusaka: A Chinese sibling of Sliver and Cobalt Strike' href='https://www.linkedin.com/sharing/share-offsite/?url=https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html&text=Manjusaka: A Chinese sibling of Sliver and Cobalt Strike' rel='nofollow' target='_blank' title='Share This On Linkedin'>
<img alt='Linkedin share' border='0' src='https://www.talosintelligence.com/assets/icon_li-share_grey.svg'/>
</a>
<a class='reddit' data-text='Manjusaka: A Chinese sibling of Sliver and Cobalt Strike' href='https://www.reddit.com/submit?url=https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html&title=Manjusaka: A Chinese sibling of Sliver and Cobalt Strike' rel='nofollow' target='_blank' title='Reddit This'>
<img alt='Reddit share' border='0' src='https://www.talosintelligence.com/assets/icon_re-share_grey.svg'/>
</a>
<a href='mailto:?body=https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html&subject=Manjusaka: A Chinese sibling of Sliver and Cobalt Strike'>
<img alt='Email This' border='0' src='https://www.talosintelligence.com/assets/icon_em-share_grey.svg'/>
</a>
</div>
</div>
<span class='post-location'>
</span>
</div>
</div>
</div>
<div class='comments' id='comments'>
<a name='comments'></a>
<h4>No comments:</h4>
<div id='Blog1_comments-block-wrapper'>
<dl class='' id='comments-block'>
</dl>
</div>
<p class='comment-footer'>
<div class='comment-form'>
<a name='comment-form'></a>
<h4 id='comment-post-message'>Post a Comment</h4>
<p>
</p>
<p>Note: Only a member of this blog may post a comment.</p>
<a href='https://www.blogger.com/comment/frame/1029833275466591797?po=815244403413243368&hl=en' id='comment-editor-src'></a>
<iframe allowtransparency='true' class='blogger-iframe-colorize blogger-comment-from-post' frameborder='0' height='410' id='comment-editor' name='comment-editor' src='' width='100%'></iframe>
<!--Can't find substitution for tag [post.friendConnectJs]-->
<script src='https://www.blogger.com/static/v1/jsbin/3262169375-comment_from_post_iframe.js' type='text/javascript'></script>
<script type='text/javascript'>
                    BLOG_CMT_createIframe('https://www.blogger.com/rpc_relay.html');
                  </script>
</div>
</p>
<div id='backlinks-container'>
<div id='Blog1_backlinks-container'>
</div>
</div>
</div>
</div>

                      </div></div>
                    
<!--Can't find substitution for tag [adEnd]-->
</div>
<div class='blog-pager' id='blog-pager'>
<span id='blog-pager-newer-link'>
<a class='blog-pager-newer-link' href='https://blog.talosintelligence.com/2022/05/vuln-spotlight-alyac-est.html' id='Blog1_blog-pager-newer-link' title='Newer Post'>Newer Post</a>
</span>
<span id='blog-pager-older-link'>
<a class='blog-pager-older-link' href='https://blog.talosintelligence.com/2022/08/vulnerability-spotlight-how-misusing.html' id='Blog1_blog-pager-older-link' title='Older Post'>Older Post</a>
</span>
<a class='home-link' href='https://blog.talosintelligence.com/'>Home</a>
</div>
<div class='clear'></div>
<div class='post-feeds'>
<div class='feed-links'>
Subscribe to:
<a class='feed-link' href='https://blog.talosintelligence.com/feeds/815244403413243368/comments/default' target='_blank' type='application/atom+xml'>Post Comments (Atom)</a>
</div>
</div>
</div></div>
</div>
<div id='sidebar-wrapper'>
<div class='sidebar section' id='sidebar'><div class='widget HTML' data-version='1' id='HTML1'>
<div class='widget-content'>
<style>   
   
   #search {  
   /* Old browsers */
   background: #dedfe1;
   /* W3C, IE10+, FF16+, Chrome26+, Opera12+, Safari7+ */
   background: 
     url('https://www.talosintelligence.com/assets/icon_search.svg') 96% 50% no-repeat,
     linear-gradient(to right, #dedfe1 0%,#dedfe1 84%,#ef6f09 84%,#ef6f09 100%); 
   /* FF3.6-15 */
   background: 
     url('https://www.talosintelligence.com/assets/icon_search.svg') 96% 50% no-repeat,
     -moz-linear-gradient(left, #dedfe1 0%, #dedfe1 84%, #ef6f09 84%, #ef6f09 100%); 
   /* Chrome10-25,Safari5.1-6 */
   background: 
     url(https://www.talosintelligence.com/assets/icon_search.svg) 96% 50% no-repeat,
     -webkit-linear-gradient(left, #dedfe1 0%,#dedfe1 84%,#ef6f09 84%,#ef6f09 100%); 
   
   text-align: left;  
   padding: 8px 24px 6px 6px;  
   line-height: 1em;
   border-radius: 2px;
   height: 18px; 
   cursor: pointer;
   }  
   #search:focus {
    background-color: #fff;
    box-shadow: inset 0 0 2px 1px #ED6F09;
    outline: none;
   }
   #search #s {  
   background: none;  
   color: #303338; 
   font-family: verdana; 

   font-size: 11px;  
   border: 0;  
   width: 100%;  
   padding: 0;  
   margin: 0;  
   outline: none;  
   }  
   
   </style>  
   
   <div id="search" title="Type and hit enter"> 
<form action="/search" id="searchform" method="get"> 
<input id="s" name="q" type="text" placeholder="Search Blog" /> </form> </div>
</div>
<div class='clear'></div>
</div><div class='widget HTML' data-version='1' id='HTML2'>
<h2 class='title'>categories</h2>
<div class='widget-content'>
<div id="category_list"></div>

<script>
    (function () {
        //These categories MUST match the case of the label IN USE.
        var categories = ['Headlines', 'threats', 'vulnerabilities', 'Threat Roundup'];
        var cat_list = document.getElementById('category_list');
        var selected = [];
        function select_category(e){
            e.preventDefault();
            var cat_path = 'https://blog.talosintelligence.com/search/?q=';
            target = e.target;
            search_target = e.target.getAttribute('data-search');
            var cat_search = 'label:%22' + search_target.replace(/\s/g, '%20') + '%22';
            switch (e.shiftKey) {
                case true:
                    if ( selected.includes(cat_search) ){
                        var index = selected.indexOf(cat_search);
                        selected.splice(index, 1);
                        target.classList.remove('selected');
                    } else {
                        selected.push(cat_search);
                        target.classList.add('selected');
                    }
                    break;
                case false:
                    if (!selected.includes(cat_search)){
                        selected.push(cat_search);
                    }
                    var new_path = selected.join('||');
                    selected = [];
                    location.href = cat_path += new_path;
                    break;
            }
        }
        categories.forEach((cat)=>{
            var span = document.createElement('span');
            var cat_search = cat.replace(/\s/g, '%20');
            var button = document.createElement('button');
            var rss_image = document.createElement('img');
            var rss_a = document.createElement('a');
            button.addEventListener("click", select_category);
            button.innerHTML = cat;
            button.setAttribute('data-search', cat);
            rss_image.setAttribute('src', 'https://www.talosintelligence.com/assets/icon_rss_orange.svg');
            rss_image.setAttribute('align', 'absmiddle');
            rss_a.setAttribute('href', 'https://blog.talosintelligence.com/feeds/posts/default/-/' + cat_search);
            rss_a.setAttribute('title', cat + ' RSS feed');
            rss_image.classList.add('feed-icon');
            rss_a.append(rss_image);
            span.append(button);
            span.classList = "individual-category";
            span.append(rss_a);
            cat_list.append(span);
        });
    })();
</script>
</div>
<div class='clear'></div>
</div><div class='widget Subscribe' data-version='1' id='Subscribe1'>
<div style='white-space:nowrap'>
<h2 class='title'>Subscribe To Our Feed</h2>
<div class='widget-content'>
<div>
<div class='feed-reader-links subscribe'>
<a class='feed-reader-link' href='https://blog.talosintelligence.com/feeds/posts/default' target='_blank'>
<img align='absmiddle' class='feed-icon' src='https://www.talosintelligence.com/assets/icon_rss_orange.svg'/>
Posts
</a>
</div>
</div>
<div>
<div class='feed-reader-links subscribe'>
<a class='feed-reader-link' href='https://blog.talosintelligence.com/feeds/815244403413243368/comments/default' target='_blank'>
<img align='absmiddle' class='feed-icon' src='https://www.talosintelligence.com/assets/icon_rss_orange.svg'/>
Comments
</a>
</div>
</div>
<div>
<div class='subscribe'>
<a class='feed-reader-link' href='https://www.talosintelligence.com/blog_subscription' onclick='window.open(&#39;https://www.talosintel.com/files/blog_files/email_subscription.html&#39;, &#39;popupwindow&#39;, &#39;scrollbars=yes,width=550,height=520&#39;);return true' target='popupwindow'>
<img align='absmiddle' class='feed-icon' src='https://www.talosintelligence.com/assets/icon_email_orange.svg'/>
										Subscribe via Email
                                    </a>
</div>
</div>
<div style='clear:both'></div>
</div>
</div>
<div class='clear'></div>
</div><div class='widget BlogArchive' data-version='1' id='BlogArchive1'>
<h2>Blog Archive</h2>
<div class='widget-content'>
<div id='ArchiveList'>
<div id='BlogArchive1_ArchiveList'>
<ul class='hierarchy'>
<li class='archivedate expanded'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy toggle-open'>

                          &#9660;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2022/'>
2022
</a>
<span class='post-count' dir='ltr'>(155)</span>
<ul class='hierarchy'>
<li class='archivedate expanded'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy toggle-open'>

                          &#9660;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2022/08/'>
August
</a>
<span class='post-count' dir='ltr'>(16)</span>
<ul class='posts'>
<li><a href='https://blog.talosintelligence.com/2022/08/vuln-spotlight-wwbn-avideo-stream.html'>Vulnerability Spotlight: Vulnerabilities in WWBN A...</a></li>
<li><a href='https://blog.talosintelligence.com/2022/08/vuln-spotlight-hdf5-library.html'>Vulnerability Spotlight: Three vulnerabilities in ...</a></li>
<li><a href='https://blog.talosintelligence.com/2022/08/threat-roundup-0805-0812.html'>Threat Roundup for August 5 to August 12</a></li>
<li><a href='https://blog.talosintelligence.com/2022/08/threat-source-newsletter-aug-11-2022.html'>Threat Source newsletter (Aug. 11, 2022) &#8212; All of ...</a></li>
<li><a href='https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html'>Cisco Talos shares insights related to recent cybe...</a></li>
<li><a href='https://blog.talosintelligence.com/2022/08/microsoft-patch-tuesday-for-august-2022.html'>Microsoft Patch Tuesday for August 2022 &#8212; Snort ru...</a></li>
<li><a href='https://blog.talosintelligence.com/2022/08/smalltime-cybercrime.html'>Small-time cybercrime is about to explode &#8212; We are...</a></li>
<li><a href='https://blog.talosintelligence.com/2022/08/threat-roundup-0729-0805.html'>Threat Roundup for July 29 to August 5</a></li>
<li><a href='https://blog.talosintelligence.com/2022/08/new-sdr-feature-released-for-cisco.html'>New SDR feature released for Cisco Secure Email</a></li>
<li><a href='https://blog.talosintelligence.com/2022/08/threat-source-newsletter-aug-4-2022.html'>Threat Source newsletter (Aug. 4, 2022) &#8212; BlackHat...</a></li>
<li><a href='https://blog.talosintelligence.com/2022/08/dark-utilities.html'>Attackers leveraging Dark Utilities &quot;C2aaS&quot; platfo...</a></li>
<li><a href='https://blog.talosintelligence.com/2022/08/poems-0xCCd.html'>0xCC&#39;d</a></li>
<li><a href='https://blog.talosintelligence.com/2022/05/vuln-spotlight-alyac-est.html'>Vulnerability Spotlight: Vulnerabilities in Alyac ...</a></li>
<li><a href='https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html'>Manjusaka: A Chinese sibling of Sliver and Cobalt ...</a></li>
<li><a href='https://blog.talosintelligence.com/2022/08/vulnerability-spotlight-how-misusing.html'>Vulnerability Spotlight: How misusing properly ser...</a></li>
<li><a href='https://blog.talosintelligence.com/2022/08/researcher-spotlight-you-should-have.html'>Researcher Spotlight: You should have been listeni...</a></li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2022/07/'>
July
</a>
<span class='post-count' dir='ltr'>(18)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2022/06/'>
June
</a>
<span class='post-count' dir='ltr'>(15)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2022/05/'>
May
</a>
<span class='post-count' dir='ltr'>(22)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2022/04/'>
April
</a>
<span class='post-count' dir='ltr'>(17)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2022/03/'>
March
</a>
<span class='post-count' dir='ltr'>(26)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2022/02/'>
February
</a>
<span class='post-count' dir='ltr'>(19)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2022/01/'>
January
</a>
<span class='post-count' dir='ltr'>(22)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2021/'>
2021
</a>
<span class='post-count' dir='ltr'>(291)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2021/12/'>
December
</a>
<span class='post-count' dir='ltr'>(15)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2021/11/'>
November
</a>
<span class='post-count' dir='ltr'>(28)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2021/10/'>
October
</a>
<span class='post-count' dir='ltr'>(23)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2021/09/'>
September
</a>
<span class='post-count' dir='ltr'>(25)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2021/08/'>
August
</a>
<span class='post-count' dir='ltr'>(25)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2021/07/'>
July
</a>
<span class='post-count' dir='ltr'>(27)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2021/06/'>
June
</a>
<span class='post-count' dir='ltr'>(24)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2021/05/'>
May
</a>
<span class='post-count' dir='ltr'>(24)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2021/04/'>
April
</a>
<span class='post-count' dir='ltr'>(29)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2021/03/'>
March
</a>
<span class='post-count' dir='ltr'>(26)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2021/02/'>
February
</a>
<span class='post-count' dir='ltr'>(24)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2021/01/'>
January
</a>
<span class='post-count' dir='ltr'>(21)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2020/'>
2020
</a>
<span class='post-count' dir='ltr'>(272)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2020/12/'>
December
</a>
<span class='post-count' dir='ltr'>(22)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2020/11/'>
November
</a>
<span class='post-count' dir='ltr'>(12)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2020/10/'>
October
</a>
<span class='post-count' dir='ltr'>(30)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2020/09/'>
September
</a>
<span class='post-count' dir='ltr'>(25)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2020/08/'>
August
</a>
<span class='post-count' dir='ltr'>(19)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2020/07/'>
July
</a>
<span class='post-count' dir='ltr'>(24)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2020/06/'>
June
</a>
<span class='post-count' dir='ltr'>(22)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2020/05/'>
May
</a>
<span class='post-count' dir='ltr'>(23)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2020/04/'>
April
</a>
<span class='post-count' dir='ltr'>(23)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2020/03/'>
March
</a>
<span class='post-count' dir='ltr'>(21)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2020/02/'>
February
</a>
<span class='post-count' dir='ltr'>(29)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2020/01/'>
January
</a>
<span class='post-count' dir='ltr'>(22)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2019/'>
2019
</a>
<span class='post-count' dir='ltr'>(276)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2019/12/'>
December
</a>
<span class='post-count' dir='ltr'>(26)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2019/11/'>
November
</a>
<span class='post-count' dir='ltr'>(27)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2019/10/'>
October
</a>
<span class='post-count' dir='ltr'>(24)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2019/09/'>
September
</a>
<span class='post-count' dir='ltr'>(27)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2019/08/'>
August
</a>
<span class='post-count' dir='ltr'>(21)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2019/07/'>
July
</a>
<span class='post-count' dir='ltr'>(22)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2019/06/'>
June
</a>
<span class='post-count' dir='ltr'>(16)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2019/05/'>
May
</a>
<span class='post-count' dir='ltr'>(25)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2019/04/'>
April
</a>
<span class='post-count' dir='ltr'>(25)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2019/03/'>
March
</a>
<span class='post-count' dir='ltr'>(24)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2019/02/'>
February
</a>
<span class='post-count' dir='ltr'>(19)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2019/01/'>
January
</a>
<span class='post-count' dir='ltr'>(20)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/'>
2018
</a>
<span class='post-count' dir='ltr'>(198)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/12/'>
December
</a>
<span class='post-count' dir='ltr'>(16)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/11/'>
November
</a>
<span class='post-count' dir='ltr'>(15)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/10/'>
October
</a>
<span class='post-count' dir='ltr'>(26)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/09/'>
September
</a>
<span class='post-count' dir='ltr'>(16)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/08/'>
August
</a>
<span class='post-count' dir='ltr'>(12)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/07/'>
July
</a>
<span class='post-count' dir='ltr'>(20)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/06/'>
June
</a>
<span class='post-count' dir='ltr'>(15)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/05/'>
May
</a>
<span class='post-count' dir='ltr'>(15)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/04/'>
April
</a>
<span class='post-count' dir='ltr'>(21)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/03/'>
March
</a>
<span class='post-count' dir='ltr'>(10)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/02/'>
February
</a>
<span class='post-count' dir='ltr'>(14)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2018/01/'>
January
</a>
<span class='post-count' dir='ltr'>(18)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2017/'>
2017
</a>
<span class='post-count' dir='ltr'>(171)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2017/12/'>
December
</a>
<span class='post-count' dir='ltr'>(9)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2017/11/'>
November
</a>
<span class='post-count' dir='ltr'>(11)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2017/10/'>
October
</a>
<span class='post-count' dir='ltr'>(15)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2017/09/'>
September
</a>
<span class='post-count' dir='ltr'>(17)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2017/08/'>
August
</a>
<span class='post-count' dir='ltr'>(16)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2017/07/'>
July
</a>
<span class='post-count' dir='ltr'>(14)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2017/06/'>
June
</a>
<span class='post-count' dir='ltr'>(14)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2017/05/'>
May
</a>
<span class='post-count' dir='ltr'>(19)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2017/04/'>
April
</a>
<span class='post-count' dir='ltr'>(17)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2017/03/'>
March
</a>
<span class='post-count' dir='ltr'>(17)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2017/02/'>
February
</a>
<span class='post-count' dir='ltr'>(12)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2017/01/'>
January
</a>
<span class='post-count' dir='ltr'>(10)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2016/'>
2016
</a>
<span class='post-count' dir='ltr'>(99)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2016/12/'>
December
</a>
<span class='post-count' dir='ltr'>(9)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2016/11/'>
November
</a>
<span class='post-count' dir='ltr'>(8)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2016/10/'>
October
</a>
<span class='post-count' dir='ltr'>(11)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2016/09/'>
September
</a>
<span class='post-count' dir='ltr'>(8)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2016/08/'>
August
</a>
<span class='post-count' dir='ltr'>(9)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2016/07/'>
July
</a>
<span class='post-count' dir='ltr'>(9)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2016/06/'>
June
</a>
<span class='post-count' dir='ltr'>(10)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2016/05/'>
May
</a>
<span class='post-count' dir='ltr'>(6)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2016/04/'>
April
</a>
<span class='post-count' dir='ltr'>(12)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2016/03/'>
March
</a>
<span class='post-count' dir='ltr'>(7)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2016/02/'>
February
</a>
<span class='post-count' dir='ltr'>(6)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2016/01/'>
January
</a>
<span class='post-count' dir='ltr'>(4)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2015/'>
2015
</a>
<span class='post-count' dir='ltr'>(62)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2015/12/'>
December
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2015/11/'>
November
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2015/10/'>
October
</a>
<span class='post-count' dir='ltr'>(6)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2015/09/'>
September
</a>
<span class='post-count' dir='ltr'>(6)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2015/08/'>
August
</a>
<span class='post-count' dir='ltr'>(5)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2015/07/'>
July
</a>
<span class='post-count' dir='ltr'>(4)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2015/06/'>
June
</a>
<span class='post-count' dir='ltr'>(6)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2015/05/'>
May
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2015/04/'>
April
</a>
<span class='post-count' dir='ltr'>(7)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2015/03/'>
March
</a>
<span class='post-count' dir='ltr'>(8)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2015/02/'>
February
</a>
<span class='post-count' dir='ltr'>(7)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2015/01/'>
January
</a>
<span class='post-count' dir='ltr'>(4)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2014/'>
2014
</a>
<span class='post-count' dir='ltr'>(67)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2014/12/'>
December
</a>
<span class='post-count' dir='ltr'>(4)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2014/11/'>
November
</a>
<span class='post-count' dir='ltr'>(5)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2014/10/'>
October
</a>
<span class='post-count' dir='ltr'>(6)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2014/09/'>
September
</a>
<span class='post-count' dir='ltr'>(10)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2014/08/'>
August
</a>
<span class='post-count' dir='ltr'>(4)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2014/07/'>
July
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2014/06/'>
June
</a>
<span class='post-count' dir='ltr'>(6)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2014/05/'>
May
</a>
<span class='post-count' dir='ltr'>(4)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2014/04/'>
April
</a>
<span class='post-count' dir='ltr'>(10)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2014/03/'>
March
</a>
<span class='post-count' dir='ltr'>(4)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2014/02/'>
February
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2014/01/'>
January
</a>
<span class='post-count' dir='ltr'>(8)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2013/'>
2013
</a>
<span class='post-count' dir='ltr'>(30)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2013/12/'>
December
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2013/11/'>
November
</a>
<span class='post-count' dir='ltr'>(2)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2013/10/'>
October
</a>
<span class='post-count' dir='ltr'>(5)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2013/09/'>
September
</a>
<span class='post-count' dir='ltr'>(2)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2013/08/'>
August
</a>
<span class='post-count' dir='ltr'>(2)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2013/07/'>
July
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2013/06/'>
June
</a>
<span class='post-count' dir='ltr'>(1)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2013/05/'>
May
</a>
<span class='post-count' dir='ltr'>(2)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2013/04/'>
April
</a>
<span class='post-count' dir='ltr'>(1)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2013/03/'>
March
</a>
<span class='post-count' dir='ltr'>(1)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2013/02/'>
February
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2013/01/'>
January
</a>
<span class='post-count' dir='ltr'>(5)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2012/'>
2012
</a>
<span class='post-count' dir='ltr'>(53)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2012/12/'>
December
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2012/11/'>
November
</a>
<span class='post-count' dir='ltr'>(1)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2012/10/'>
October
</a>
<span class='post-count' dir='ltr'>(2)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2012/09/'>
September
</a>
<span class='post-count' dir='ltr'>(6)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2012/08/'>
August
</a>
<span class='post-count' dir='ltr'>(7)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2012/07/'>
July
</a>
<span class='post-count' dir='ltr'>(7)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2012/06/'>
June
</a>
<span class='post-count' dir='ltr'>(4)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2012/05/'>
May
</a>
<span class='post-count' dir='ltr'>(6)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2012/04/'>
April
</a>
<span class='post-count' dir='ltr'>(5)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2012/03/'>
March
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2012/02/'>
February
</a>
<span class='post-count' dir='ltr'>(7)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2012/01/'>
January
</a>
<span class='post-count' dir='ltr'>(2)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/'>
2011
</a>
<span class='post-count' dir='ltr'>(23)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/12/'>
December
</a>
<span class='post-count' dir='ltr'>(1)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/11/'>
November
</a>
<span class='post-count' dir='ltr'>(4)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/10/'>
October
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/09/'>
September
</a>
<span class='post-count' dir='ltr'>(1)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/08/'>
August
</a>
<span class='post-count' dir='ltr'>(2)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/07/'>
July
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/06/'>
June
</a>
<span class='post-count' dir='ltr'>(1)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/05/'>
May
</a>
<span class='post-count' dir='ltr'>(2)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/04/'>
April
</a>
<span class='post-count' dir='ltr'>(1)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/03/'>
March
</a>
<span class='post-count' dir='ltr'>(2)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/02/'>
February
</a>
<span class='post-count' dir='ltr'>(1)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2011/01/'>
January
</a>
<span class='post-count' dir='ltr'>(2)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/'>
2010
</a>
<span class='post-count' dir='ltr'>(93)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/12/'>
December
</a>
<span class='post-count' dir='ltr'>(4)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/11/'>
November
</a>
<span class='post-count' dir='ltr'>(2)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/10/'>
October
</a>
<span class='post-count' dir='ltr'>(4)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/09/'>
September
</a>
<span class='post-count' dir='ltr'>(7)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/08/'>
August
</a>
<span class='post-count' dir='ltr'>(9)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/07/'>
July
</a>
<span class='post-count' dir='ltr'>(11)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/06/'>
June
</a>
<span class='post-count' dir='ltr'>(12)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/05/'>
May
</a>
<span class='post-count' dir='ltr'>(5)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/04/'>
April
</a>
<span class='post-count' dir='ltr'>(12)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/03/'>
March
</a>
<span class='post-count' dir='ltr'>(10)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/02/'>
February
</a>
<span class='post-count' dir='ltr'>(7)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2010/01/'>
January
</a>
<span class='post-count' dir='ltr'>(10)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/'>
2009
</a>
<span class='post-count' dir='ltr'>(146)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/12/'>
December
</a>
<span class='post-count' dir='ltr'>(14)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/11/'>
November
</a>
<span class='post-count' dir='ltr'>(10)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/10/'>
October
</a>
<span class='post-count' dir='ltr'>(12)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/09/'>
September
</a>
<span class='post-count' dir='ltr'>(13)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/08/'>
August
</a>
<span class='post-count' dir='ltr'>(9)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/07/'>
July
</a>
<span class='post-count' dir='ltr'>(19)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/06/'>
June
</a>
<span class='post-count' dir='ltr'>(11)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/05/'>
May
</a>
<span class='post-count' dir='ltr'>(13)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/04/'>
April
</a>
<span class='post-count' dir='ltr'>(10)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/03/'>
March
</a>
<span class='post-count' dir='ltr'>(11)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/02/'>
February
</a>
<span class='post-count' dir='ltr'>(13)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2009/01/'>
January
</a>
<span class='post-count' dir='ltr'>(11)</span>
</li>
</ul>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2008/'>
2008
</a>
<span class='post-count' dir='ltr'>(37)</span>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2008/12/'>
December
</a>
<span class='post-count' dir='ltr'>(12)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2008/11/'>
November
</a>
<span class='post-count' dir='ltr'>(6)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2008/10/'>
October
</a>
<span class='post-count' dir='ltr'>(7)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2008/09/'>
September
</a>
<span class='post-count' dir='ltr'>(6)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2008/08/'>
August
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
<ul class='hierarchy'>
<li class='archivedate collapsed'>
<a class='toggle' href='javascript:void(0)'>
<span class='zippy'>

                          &#9658;&#160;
                        
</span>
</a>
<a class='post-count-link' href='https://blog.talosintelligence.com/2008/05/'>
May
</a>
<span class='post-count' dir='ltr'>(3)</span>
</li>
</ul>
</li>
</ul>
</div>
</div>
<div class='clear'></div>
</div>
</div><div class='widget BlogList' data-version='1' id='BlogList1'>
<h2 class='title'>Recommended Blogs</h2>
<div class='widget-content'>
<div class='blog-list-container' id='BlogList1_container'>
<ul id='BlogList1_blogs'>
<li style='display: block;'>
<div class='blog-icon'>
</div>
<div class='blog-content'>
<div class='blog-title'>
<a href='https://blogs.cisco.com' target='_blank'>
Cisco Blog</a>
</div>
<div class='item-content'>
<span class='item-title'>
<a href='https://blogs.cisco.com/internet-of-things/arc-advisory-cisco-leads-in-industrial-networking' target='_blank'>
ARC Advisory: Cisco leads in industrial networking
</a>
</span>
</div>
</div>
<div style='clear: both;'></div>
</li>
<li style='display: block;'>
<div class='blog-icon'>
</div>
<div class='blog-content'>
<div class='blog-title'>
<a href='http://blog.clamav.net/' target='_blank'>
ClamAV&#174; blog</a>
</div>
<div class='item-content'>
<span class='item-title'>
<a href='http://blog.clamav.net/2022/07/clamav-01037-01041-and-01051-patch.html' target='_blank'>
ClamAV 0.103.7, 0.104.4 and 0.105.1 patch versions published
</a>
</span>
</div>
</div>
<div style='clear: both;'></div>
</li>
<li style='display: block;'>
<div class='blog-icon'>
</div>
<div class='blog-content'>
<div class='blog-title'>
<a href='http://blog.snort.org/' target='_blank'>
Snort Blog</a>
</div>
<div class='item-content'>
<span class='item-title'>
<a href='http://blog.snort.org/2022/06/changes-to-community-rule-release.html' target='_blank'>
Changes to the community rule release schedule
</a>
</span>
</div>
</div>
<div style='clear: both;'></div>
</li>
</ul>
<div class='clear'></div>
</div>
</div>
</div></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<footer id='footer'>
<div class='container'>
<div class='row footer_nav_wrapper'>
<div class='col-md-9 col-sm-12'>
<ul class='footer_nav'>
<li class='list_col'>
<ul class='nopad'>
<li class='nopad'>
<ul class='pad first top'>
<li>
<a href='https://talosintelligence.com/software'>Software</a>
</li>
<li>
<a href='https://talosintelligence.com/reputation_center'>Reputation Center</a>
</li>
<li>
<a href='https://talosintelligence.com/vulnerability_info'>Vulnerability Information</a>
</li>
<li>
<a href='https://talosintelligence.com/ms_advisories'>Microsoft Advisory Snort Rules</a>
</li>
</ul>
</li>
<li class='list_col'>
<ul class='pad second'>
<li>
<a href='https://www.talosintelligence.com/incident_response' target='_blank'>Incident Response</a>
</li>
<li>
<a href='https://talosintelligence.com/secure-endpoint-naming'>Secure Endpoint Naming Conventions</a>
</li>
<li>
<a href='https://talosintelligence.com/talos_file_reputation'>Talos File Reputation</a>
</li>
</ul>
</li>
</ul>
</li>
<li class='list_col'>
<ul class='nopad'>
<li class='nopad'>
<ul class='pad first last'>
<li>
<a href='https://talosintelligence.com/resources'>Library</a>
</li>
<li>
<a href='https://talosintelligence.com/community'>Support Communities</a>
</li>
<li>
<a href='https://talosintelligence.com/about'>About</a>
</li>
<li>
<a href='https://talosintelligence.com/careers'>Careers</a>
</li>
</ul>
</li>
<li class='list_col'>
<ul class='pad second last'>
<li>
<a href='https://blog.talosintelligence.com'>Talos Blog</a>
</li>
<li>
<a href='https://talosintelligence.com/newsletters'>Threat Source Newsletter</a>
</li>
<li>
<a href='https://talosintelligence.com/podcasts/shows/beers_with_talos'>Beers with Talos Podcast</a>
</li>
<li>
<a href='https://talosintelligence.com/podcasts/shows/talos_takes'>Talos Takes Podcast</a>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class='col-md-3 col-sm-12 connect_social'>
<h5>Connect With Us</h5>
<ul>
<li>
<a href='https://twitter.com/talossecurity' target='_blank'>
<img alt='Follow us on Twitter' src='https://www.talosintelligence.com/assets/footer_icon_tw.svg'/>
</a>
</li>
<li>
<a href='https://www.youtube.com/playlist?list=PLFT-9JpKjRTDn_qtGN238gzycJfaVzMqD' target='_blank'>
<img alt='Watch our informational videos on YouTube' src='https://www.talosintelligence.com/assets/footer_icon_yt.svg'/>
</a>
</li>
<li>
<a href='https://www.linkedin.com/company/cisco-talos-intelligence-group/' target='_blank'>
<img alt='Connect with us on LinkedIn' src='https://www.talosintelligence.com/assets/footer_icon_li.svg'/>
</a>
</li>
</ul>
</div>
</div>
<div class='row'>
<div class='col-xs-12 footer_corporate'>
<a href="https://tools.cisco.com/security/center/home.x" target='_blank'>
<img alt='Cisco' src='https://www.talosintelligence.com/assets/logo_cisco_white.svg'/>
</a>
<p class='copyright'>&#169; <span id='copyright-year'></span> Cisco Systems, Inc. and/or its affiliates. All rights reserved. 
          
			View our <a class='copyright-underline underline' href='https://www.cisco.com/web/siteassets/legal/privacy_full.html' target='_blank'>Privacy Policy</a>.
		</p>
<script type='text/javascript'>
			document.getElementById('copyright-year').appendChild(document.createTextNode(new Date().getFullYear())) 
		</script>
</div>
</div>
</div>
</footer>
<script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','https://www.google-analytics.com/analytics.js','ga');

  ga('create', 'UA-30016562-3', 'auto');
  ga('send', 'pageview');

 

</script>
<!--It is your responsibility to notify your visitors about cookies used and data collected on your blog. Blogger makes a standard notification available for you to use on your blog, and you can customise it or replace it with your own notice. See http://www.blogger.com/go/cookiechoices for more details.-->
<script defer='' src='/js/cookienotice.js'></script>
<script>
    document.addEventListener('DOMContentLoaded', function(event) {
      window.cookieChoices && cookieChoices.showCookieConsentBar && cookieChoices.showCookieConsentBar(
          (window.cookieOptions && cookieOptions.msg) || 'This site uses cookies from Google to deliver its services and to analyse traffic. Your IP address and user agent are shared with Google, together with performance and security metrics, to ensure quality of service, generate usage statistics and to detect and address abuse.',
          (window.cookieOptions && cookieOptions.close) || 'Ok',
          (window.cookieOptions && cookieOptions.learn) || 'Learn more',
          (window.cookieOptions && cookieOptions.link) || 'https://www.blogger.com/go/blogspot-cookies');
    });
  </script>

<script type="text/javascript" src="https://www.blogger.com/static/v1/widgets/2783068010-widgets.js"></script>
<script type='text/javascript'>
window['__wavt'] = 'AOuZoY6b91iEGQQiA__JGq_yul3zqRvtWA:1660752433589';_WidgetManager._Init('//www.blogger.com/rearrange?blogID\x3d1029833275466591797','//blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html','1029833275466591797');
_WidgetManager._SetDataContext([{'name': 'blog', 'data': {'blogId': '1029833275466591797', 'title': 'Cisco Talos Intelligence Group - Comprehensive Threat Intelligence', 'url': 'https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html', 'canonicalUrl': 'http://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html', 'homepageUrl': 'https://blog.talosintelligence.com/', 'searchUrl': 'https://blog.talosintelligence.com/search', 'canonicalHomepageUrl': 'http://blog.talosintelligence.com/', 'blogspotFaviconUrl': 'https://blog.talosintelligence.com/favicon.ico', 'bloggerUrl': 'https://www.blogger.com', 'hasCustomDomain': true, 'httpsEnabled': true, 'enabledCommentProfileImages': false, 'gPlusViewType': 'FILTERED_POSTMOD', 'adultContent': false, 'analyticsAccountNumber': 'UA-30016562-3', 'encoding': 'UTF-8', 'locale': 'en', 'localeUnderscoreDelimited': 'en', 'languageDirection': 'ltr', 'isPrivate': false, 'isMobile': false, 'isMobileRequest': false, 'mobileClass': '', 'isPrivateBlog': false, 'isDynamicViewsAvailable': true, 'feedLinks': '\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Cisco Talos Intelligence Group - Comprehensive Threat Intelligence - Atom\x22 href\x3d\x22https://blog.talosintelligence.com/feeds/posts/default\x22 /\x3e\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/rss+xml\x22 title\x3d\x22Cisco Talos Intelligence Group - Comprehensive Threat Intelligence - RSS\x22 href\x3d\x22https://blog.talosintelligence.com/feeds/posts/default?alt\x3drss\x22 /\x3e\n\x3clink rel\x3d\x22service.post\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Cisco Talos Intelligence Group - Comprehensive Threat Intelligence - Atom\x22 href\x3d\x22https://www.blogger.com/feeds/1029833275466591797/posts/default\x22 /\x3e\n\n\x3clink rel\x3d\x22alternate\x22 type\x3d\x22application/atom+xml\x22 title\x3d\x22Cisco Talos Intelligence Group - Comprehensive Threat Intelligence - Atom\x22 href\x3d\x22https://blog.talosintelligence.com/feeds/815244403413243368/comments/default\x22 /\x3e\n', 'meTag': '', 'adsenseHostId': 'ca-host-pub-1556223355139109', 'adsenseHasAds': false, 'adsenseAutoAds': false, 'boqCommentIframeForm': true, 'loginRedirectParam': '', 'view': '', 'dynamicViewsCommentsSrc': '//www.blogblog.com/dynamicviews/4224c15c4e7c9321/js/comments.js', 'dynamicViewsScriptSrc': '//www.blogblog.com/dynamicviews/06c487c1eebe744e', 'plusOneApiSrc': 'https://apis.google.com/js/plusone.js', 'disableGComments': true, 'sharing': {'platforms': [{'name': 'Get link', 'key': 'link', 'shareMessage': 'Get link', 'target': ''}, {'name': 'Facebook', 'key': 'facebook', 'shareMessage': 'Share to Facebook', 'target': 'facebook'}, {'name': 'BlogThis!', 'key': 'blogThis', 'shareMessage': 'BlogThis!', 'target': 'blog'}, {'name': 'Twitter', 'key': 'twitter', 'shareMessage': 'Share to Twitter', 'target': 'twitter'}, {'name': 'Pinterest', 'key': 'pinterest', 'shareMessage': 'Share to Pinterest', 'target': 'pinterest'}, {'name': 'Email', 'key': 'email', 'shareMessage': 'Email', 'target': 'email'}], 'disableGooglePlus': true, 'googlePlusShareButtonWidth': 0, 'googlePlusBootstrap': '\x3cscript type\x3d\x22text/javascript\x22\x3ewindow.___gcfg \x3d {\x27lang\x27: \x27en\x27};\x3c/script\x3e'}, 'hasCustomJumpLinkMessage': false, 'jumpLinkMessage': 'Read more', 'pageType': 'item', 'postId': '815244403413243368', 'postImageThumbnailUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsnZVqaECj6vdsft3luT7kVveSWQaFxytsp-RFda-jgVhbrqFiIfwbdlPP_ismSW4vbzINmeOKtYHxG7m-C2lFpDLVaj0TnQG8i2enwFaZB6gWDBhSQ3MuuD7lmF-Cq-VcVbseIRU2_dh9iylBOBs5CHRdEuQlpYa2GdKi7j815O908c0JIQ-k-JUjew/s72-c/image13.jpg', 'postImageUrl': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsnZVqaECj6vdsft3luT7kVveSWQaFxytsp-RFda-jgVhbrqFiIfwbdlPP_ismSW4vbzINmeOKtYHxG7m-C2lFpDLVaj0TnQG8i2enwFaZB6gWDBhSQ3MuuD7lmF-Cq-VcVbseIRU2_dh9iylBOBs5CHRdEuQlpYa2GdKi7j815O908c0JIQ-k-JUjew/s16000/image13.jpg', 'pageName': 'Manjusaka: A Chinese sibling of Sliver and Cobalt Strike', 'pageTitle': 'Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: Manjusaka: A Chinese sibling of Sliver and Cobalt Strike', 'metaDescription': ''}}, {'name': 'features', 'data': {'sharing_get_link_dialog': 'true', 'sharing_native': 'false'}}, {'name': 'messages', 'data': {'edit': 'Edit', 'linkCopiedToClipboard': 'Link copied to clipboard!', 'ok': 'Ok', 'postLink': 'Post Link'}}, {'name': 'template', 'data': {'name': 'custom', 'localizedName': 'Custom', 'isResponsive': false, 'isAlternateRendering': false, 'isCustom': true}}, {'name': 'view', 'data': {'classic': {'name': 'classic', 'url': '?view\x3dclassic'}, 'flipcard': {'name': 'flipcard', 'url': '?view\x3dflipcard'}, 'magazine': {'name': 'magazine', 'url': '?view\x3dmagazine'}, 'mosaic': {'name': 'mosaic', 'url': '?view\x3dmosaic'}, 'sidebar': {'name': 'sidebar', 'url': '?view\x3dsidebar'}, 'snapshot': {'name': 'snapshot', 'url': '?view\x3dsnapshot'}, 'timeslide': {'name': 'timeslide', 'url': '?view\x3dtimeslide'}, 'isMobile': false, 'title': 'Manjusaka: A Chinese sibling of Sliver and Cobalt Strike', 'description': 'A blog from the world class Intelligence Group, Talos, Cisco\x27s Intelligence Group', 'featuredImage': 'https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhsnZVqaECj6vdsft3luT7kVveSWQaFxytsp-RFda-jgVhbrqFiIfwbdlPP_ismSW4vbzINmeOKtYHxG7m-C2lFpDLVaj0TnQG8i2enwFaZB6gWDBhSQ3MuuD7lmF-Cq-VcVbseIRU2_dh9iylBOBs5CHRdEuQlpYa2GdKi7j815O908c0JIQ-k-JUjew/s16000/image13.jpg', 'url': 'https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html', 'type': 'item', 'isSingleItem': true, 'isMultipleItems': false, 'isError': false, 'isPage': false, 'isPost': true, 'isHomepage': false, 'isArchive': false, 'isLabelSearch': false, 'postId': 815244403413243368}}]);
_WidgetManager._RegisterWidget('_BlogView', new _WidgetInfo('Blog1', 'main', document.getElementById('Blog1'), {'cmtInteractionsEnabled': false}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML1', 'sidebar', document.getElementById('HTML1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_HTMLView', new _WidgetInfo('HTML2', 'sidebar', document.getElementById('HTML2'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_SubscribeView', new _WidgetInfo('Subscribe1', 'sidebar', document.getElementById('Subscribe1'), {}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogArchiveView', new _WidgetInfo('BlogArchive1', 'sidebar', document.getElementById('BlogArchive1'), {'languageDirection': 'ltr', 'loadingMessage': 'Loading\x26hellip;'}, 'displayModeFull'));
_WidgetManager._RegisterWidget('_BlogListView', new _WidgetInfo('BlogList1', 'sidebar', document.getElementById('BlogList1'), {'numItemsToShow': 0, 'totalItems': 3}, 'displayModeFull'));
</script>
<script defer src="https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194" integrity="sha512-Gi7xpJR8tSkrpF7aordPZQlW2DLtzUlZcumS8dMQjwDHEnw9I7ZLyiOj/6tZStRBGtGgN6ceN6cMH8z7etPGlw==" data-cf-beacon='{"rayId":"73c3a95499d80702","token":"35f8ae698f9d471b83b846a751388737","version":"2022.8.0","si":100}' crossorigin="anonymous"></script>
</body>
</html>